Security News
U.S. and German law enforcement seized the domain of the crypto wallet platform Cryptonator, used by ransomware gangs, darknet marketplaces, and other illicit services, and indicted its operator. [...]
An unnamed Fortune 50 corporation paid a stonking $75 million to a ransomware gang to stop it leaking terabytes of stolen data. In September 2023, Dark Angels used a RagnarLocker variant to encrypt international conglomerate Johnson Controls' data, and demanded a $51 million ransom.
Ransomware attacks have reached new heights of ambition and audacity over the past year, marked by a notable surge in extortion attacks, according to a Zscaler. The findings from the report uncovered a record-breaking ransom payment of $75 million to the Dark Angels ransomware group, which is nearly double the highest publicly known ransomware payout, and an overall 18% increase in ransomware attacks year-over-year.
A Fortune 50 company paid a record-breaking $75 million ransom payment to the Dark Angels ransomware gang, according to a report by Zscaler ThreatLabz. "In early 2024, ThreatLabz uncovered a victim who paid Dark Angels $75 million, higher than any publicly known amount- an achievement that's bound to attract the interest of other attackers looking to replicate such success by adopting their key tactics," reads the 2024 Zscaler Ransomware Report.
Theoretically, the threat of ransomware would be more of a costly irritant than a catastrophe; the idea being that if you pay the ransom, the problem goes away. Research from McGrathNicol Advisory found that 73% of Australian organisations that experienced a ransomware attack in the past five years chose to pay the ransom.
Russian-speaking threat actors accounted for at least 69% of all crypto proceeds linked to ransomware throughout the previous year, exceeding $500,000,000. "Russian-speaking threat actors from across the former Soviet Union consistently drive most types of crypto-enabled cybercrime, from ransomware to illicit crypto exchanges and darknet markets," explains TRM. Ransomware is a form of cybercrime in which attackers steal and encrypt data on compromised systems and then demand a ransom payment in exchange for a decryption key and a promise to delete the stolen files.
CDK Global reportedly paid a $25 million ransom in Bitcoin after its servers were knocked offline by crippling ransomware. Last week, CDK restored services to car dealerships across the US after a two-week outage caused by a "Cyber incident" that looked a lot like a ransomware infection.
The open-source Rafel RAT is being leveraged by multiple threat actors to compromise Android devices and, in some cases, to lock them, encrypt their contents, and demand money to restore the device to its original state. Check Point researchers have observed around 120 different malicious campaigns leveraging the malware, hitting devices around the world, but primarely in the US, China, India and Indonesia.
No ransomware gang ever claimed the attack or leaked stolen data, indicating that a ransom was paid. Just as the data breach notifications were being emailed on Thursday, an alleged employee claimed on Reddit that Panera paid paid a ransom to have the hackers delete the stolen data and avoid a public leak.
"Our report delivers a clear message: ransomware attacks will continue, be more severe than predicted, and the overall impact will cost organizations more than they expect. Organizations must take action to ensure cyber resiliency and acknowledge that rapid, clean recovery matters most," added Russell. Despite increased focus on cyber-preparedness, organizations still face a misalignment between their backup and cyber teams.