Understanding the $75M Ransom Payment to Dark Angels Gang

16 Jan 2025 | techtarget.com

A ransomware attack in early 2024 led to a staggering $75 million ransom payment by a major U.S. company, raising critical questions about cybersecurity practices. While speculation points to Cencora as the victim, the full impact of the incident remains under wraps.

Key Takeaways

  1. In early 2024, a significant breach involving the Dark Angels ransomware group resulted in the exfiltration of 100 terabytes of data from a large publicly traded company, culminating in an unprecedented $75 million ransom demand.
  2. A July earnings report mentioned that Cencora had incurred $31.4 million in "other" costs over the nine months ending June 30, primarily due to the cyber incident.
  3. "I've seen multiple companies that are publicly traded that report certain expenses related to breaches; however, it can be misleading due to the influence of cyber insurance on how payouts and losses are recorded," said Brett Stone-Gross, the director of threat intelligence at Zscaler.

In early 2024, a significant breach involving the Dark Angels ransomware group resulted in the exfiltration of 100 terabytes of data from a large publicly traded company, culminating in an unprecedented $75 million ransom demand. Nearly a year after the event, the identity of the afflicted organization remains undisclosed, leaving cybersecurity experts and the public anxious for clarity.

The substantial ransom became public knowledge on July 29 when cybersecurity vendor Zscaler unveiled details in its 'ThreatLabz 2024 Ransomware Report.' The report stated, "ThreatLabz has uncovered a record breaking $75 million payment made by a Fortune 50 company to the #DarkAngels ransomware group," stirring speculation about which corporation might have been vulnerable.

Although Zscaler has not revealed the name of the victim, investigations and reporting have narrowed the focus towards Cencora, a prominent pharmaceutical distribution giant. Recently ranked No. 18 on the Fortune Global 500 list, Cencora — previously known as AmerisourceBergen — reportedly suffered a cyberattack earlier in 2024, leading to an 8-K filing with the U.S. Securities and Exchange Commission on February 27, detailing the breach's discovery date as February 21. "Data from its information systems had been exfiltrated, some of which may contain personal information," the filing stated.

Impact and Legacy

As understanding of the attack deepened, Cencora filed an amendment on July 31, revealing that the attackers had accessed even more sensitive data, including personally identifiable information and protected health information pertaining to customers' patients. At the same time, the company reassured stakeholders that an internal investigation found no indications that the compromised data had been, or would be, made public. "The Company does not believe the incident is reasonably likely to materially impact the Company's financial condition or results of operations," the amendment asserted.

A key development came on September 18, when Bloomberg News reported findings indicating that Dark Angels had indeed received the mammoth ransom, initially set at $150 million for the Cencora hack. This revelation was met with a noncommittal response from the company; a representative stated that Cencora would not address rumors or speculation.

Adding to the conversation, a cryptocurrency investigator known as "ZachXBT" shared details of three separate Bitcoin transactions allegedly linked to Cencora, revealing actions taken on March 7 and 8, which seemingly connected the dots to the ransom payment.

A Cencora spokesperson maintained that the company stands by its previous disclosures — notably an earnings report from July that identified expenses resulting from the breach. The report mentioned that Cencora had incurred $31.4 million in "other" costs over the nine months ending June 30, primarily due to the cyber incident.

By the Numbers

Brett Stone-Gross, the director of threat intelligence at Zscaler, underlined the complexities involved in interpreting SEC filings. "I've seen multiple companies that are publicly traded that report certain expenses related to breaches; however, it can be misleading due to the influence of cyber insurance on how payouts and losses are recorded," he said.

The situation brings to light critical discussions concerning corporate accountability and transparency in the face of cyber threats. Not only does it highlight the growing menace of ransomware attacks, but it also raises questions about how companies handle disclosures concerning such breaches and their financial ramifications.

As organizations continue to navigate an increasingly perilous cybersecurity landscape, the ongoing mystery surrounding the $75 million payment made to Dark Angels serves as a cautionary tale. It underscores the importance of rigorous cyber defenses and the intricate dance of managing public trust while safeguarding sensitive data. The lingering questions about accountability, effective response strategies, and the integrity of financial disclosures remain pressing matters as industries work to address the realities of cybercrime moving forward.
