The DarkAngels ransomware group is a group of threat actors that emerged in May of 2022 and has since conducted some of the biggest and most successful ransomware attacks in recent times. What makes this group even more impressive is that it has kept such a low profile all this time, only now catching the limelight due to the record-breaking payout it just received.
According to a report by Zscaler ThreatLabz, DarkAngels were the beneficiaries earlier this year of a $75 million payout from a Fortune 50 company, the largest ransomware payout in recorded history. The record was previously held by a $40 million payout from CNA Financial to hacktivist group Phoenix in 2021.
Modus Operandi
The group's overall strategy seems to follow the Pareto Principle: it targets a small number of high-value victims and eliminates the ones that wouldn’t be as profitable.
The DarkAngels employ a unique, highly targeted approach that sets them apart from the rest. They usually attack one company at a time, focusing their resources solely on it, whereas most ransomware groups target victims indiscriminately. DarkAngels also do not outsource any part of their attack. They avoid hiring initial access brokers and penetration testing teams, instead using their own resources.
They have been observed using a variant of the popular RagnarLocker ransomware in recent times, but used Babuk in their early days.
Dunghill Leaks is their victim-shaming website, which they rarely have to use thanks to their ability to extract payouts from their victims quietly.
Why do you need to know this?
It is important to understand who DarkAngels are and how they function because they are disrupters. Their strategies are highly unorthodox but extremely effective. Other groups are sure to follow in their footsteps, and we must be ready.