A record ransomware payout came to light on Tuesday when cloud security firm Zscaler disclosed it. The $75 million payment, made to the Dark Angels ransomware group, was uncovered by Zscaler's research team, ThreatLabz, earlier this year. The finding appears in Zscaler's annual ransomware report, which covers the period from April 2023 to April 2024.
The identity of the company that made the payment remains undisclosed.
According to Brett Stone-Gross, Zscaler’s Director of Threat Intelligence, Dark Angels operates differently from many ransomware groups. “Instead of using affiliates to conduct attacks, they execute attacks themselves on a smaller scale,” Stone-Gross told TechNewsWorld. “Rather than targeting multiple companies simultaneously, they focus on one large company at a time.”
Dark Angels also deviates from the typical ransomware playbook by aiming to avoid significant business disruption. “They steal large amounts of data but prefer to remain low-profile to minimize scrutiny from law enforcement and researchers,” Stone-Gross added.
The report indicates that Dark Angels’ approach—targeting a few high-value companies for substantial payouts—is a trend to watch. Zscaler ThreatLabz anticipates that other ransomware groups may adopt similar strategies to maximize their profits.
Steve Stone, head of Zero Labs at Rubrik, highlighted that many ransomware actors now combine data theft with encryption, effectively doubling their extortion demands. “They’re not only encrypting data but also stealing it to make additional extortion demands,” Stone explained to TechNewsWorld.
Zscaler’s report also noted a 17.8% increase in ransomware attacks blocked by its cloud services and a 57.8% rise in companies listed on data leak sites during the same period, despite various law enforcement efforts.
Chris Morales, CISO at Netenrich, cited several factors contributing to the rise in ransomware attacks, including expanded attack surfaces due to remote work and cloud adoption, sophisticated attack methods, and the availability of ransomware-as-a-service tools. “We’re also seeing large-scale breaches impacting millions of users,” Morales said. “This surge underscores the urgent need for a shift towards more proactive, data-driven security strategies.”
Stephen Kowski, field CTO at SlashNext, expects ransomware attacks to continue increasing in the latter half of 2024, with particular focus on healthcare, manufacturing, critical infrastructure, and supply chains. “Recent high-profile incidents underscore ongoing vulnerabilities,” he noted. “Organizations should enhance email security, implement zero-trust architectures, and improve threat detection and response capabilities.”
The report identified manufacturing, healthcare, and technology as the top targets for ransomware, with the energy sector experiencing a 500% increase in attacks year-over-year. Manufacturing was hit more than twice as often as any other sector.
Marcus Fowler, CEO of Darktrace Federal, noted that the convergence of IT and operational technology (OT) in critical infrastructure and manufacturing has expanded attack surfaces, making these sectors more vulnerable. “The integration of IT and OT increases workloads for security teams, complicating their ability to keep pace with threats,” Fowler explained.
Rogier Fischer, CEO of Hadrian, highlighted that increased digitization in manufacturing, which connects previously isolated systems to corporate IT environments, has made the sector more attractive to attackers. “The interconnectivity and historically lower cyber awareness in manufacturing contribute to its high risk,” Fischer added.
Zscaler’s Chief Security Officer, Deepen Desai, emphasized the importance of zero-trust architecture in combating ransomware. “The rise of ransomware-as-a-service, zero-day attacks, and AI-powered threats has led to unprecedented ransom demands,” Desai said. “Organizations must prioritize zero trust to enhance their security posture.”
Anne Cutler, a cybersecurity evangelist at Keeper Security, stressed the importance of investing in proactive cybersecurity measures. “A zero-trust model with least privilege access and robust data backups can limit the impact of cyberattacks,” she said. “Strong identity and access management is crucial for preventing common cyberattacks.”
However, Steve Hahn, executive vice president for the Americas at BullWall, cautioned that while zero trust can reduce attack likelihood, it is not a panacea. “Zero-day attacks, shadow IT, personal devices, and IoT are all potential attack vectors,” Hahn warned. “Even with zero-trust measures in place, ransomware can still encrypt all data if it gains access to shared drives.”