Hacking group Dark Angels received $75 million in bitcoin, marking the largest known ransomware attack to date
Quick Take
- Hacking group Dark Angels received a $75 million bitcoin ransom after attacking drug distributor Cencora in February.
- Blockchain research firm Chainalysis estimated that over $450 million was lost to ransomware attacks in the first half of 2024.
Hacking group Dark Angels pulled off the largest crypto heist in history, after perpetrating a cyberattack against the drug distributor Cencora, Bloomberg was first to report on Wednesday. The Pennsylvania-based Cencora paid out a $75 million ransom in three bitcoin payments last March.
Dark Angels, thought to be a cybercrime syndicate based in Russia, first emerged in 2021 and has attacked companies in the healthcare, finance, government and education sectors. In August, security firm Zscaler ThreatLabz said Dark Angels was the top ransomware threat for 2024 when it disclosed a then-unnamed company paid out $75 million following a data breach.
“The Dark Angels group employs a highly targeted approach, typically attacking a single large company at a time. This is in stark contrast to most ransomware groups, which target victims indiscriminately and outsource most of the attack to affiliate networks,” Zscaler wrote in a report. In 2023, the group demanded $51 million after exploiting international conglomerate Johnson Controls, though it’s unknown whether the full amount was paid.
Cencora initially disclosed the hack in a July regulatory filing, calling it a “material cybersecurity incident” that was discovered in February. The exfiltrated data included personally identifiable information (PII) and protected health information largely maintained by a “subsidiary that provides patient support services.”
“The Company believes it has contained the incident, and the Company has undertaken remediation efforts, which are ongoing,” CFO James F. Cleary wrote, adding that Cencora “does not believe the incident is reasonably likely to materially impact the Company’s financial condition.”
The initial ransom demand was $150 million, which would have been 275% higher than the previous largest ransom, the $40 million paid by CNA Financial Corp in 2021.
Cencora noted it has started working with cybersecurity experts to reinforce its IT systems to “prevent unauthorized occurrences.”
Blockchain sleuth ZachXBT believes he found the on-chain payments made to Dark Angels.
“I think it’s a bad look when a large publicly traded company like Cencora does not share the BTC transactions for the $75M payment to Dark Angels ransomeware [sic] group so I will just post it for them,” he wrote on X.
It is not clear whether Dark Angels has deleted the stolen data — which includes Cencora clients’ names, addresses, dates of birth, diagnoses and prescriptions — or how many people were affected.
Ransomware is a growing problem, particularly in the crypto industry. Blockchain research firm Chainalysis estimated that over $450 million was lost to ransomware attacks in the first half of 2024, putting the world “firmly on track for the worst year on record.”
© 2024 The Block. All Rights Reserved.