Record-Breaking $75 Million Ransom Paid To Dark Angels Gang

[erek]

“The Dark Angels Effect
ZScaler warned that the targeting of a small number of high-value organizations strategy employed by the Dark Angels is a trend that needs to be monitored closely. Given the apparent success in gaining that $75 million payday, you can be sure other criminals will be watching and wanting a slice of that action. “Ransomware defense remains a top priority for CISOs in 2024,” Deepen Desai, chief security officer at Zscaler, said, “The increasing use of ransomware-as-a-service models, along with numerous zero-day attacks on legacy systems, a rise in vishing attacks and the emergence of AI-powered attacks, has led to record breaking ransom payments.””

Source: https://www.forbes.com/sites/daveyw...g-75-million-ransom-paid-to-dark-angels-gang/

 

[GotNoRice]

The only way this will end is if ransom payments to criminals are made illegal. Yeah, that might result in some lost data in the short term. Obviously these companies wouldn't be paying the ransom if the data wasn't extremely valuable. Paying the ransoms just perpetuates these attacks though, and in the end that damage has to be taken into account also.

 

[erek]

The only way this will end is if ransom payments to criminals are made illegal. Yeah, that might result in some lost data in the short term. Obviously these companies wouldn't be paying the ransom if the data wasn't extremely valuable. Paying the ransoms just perpetuates these attacks though, and in the end that damage has to be taken into account also.

I agree legislation to make the payment illegal was my thought exactly

So do you foresee any implications negatively for this though?

 

[GotNoRice]

So do you foresee any implications negatively for this though?

I foresee a lot of angry customers / end-users. It would be painful. If you're a customer of a company and your data gets stolen from that company, you probably don't care if the company pays the ransom or not, you just want your data back.

But in the end it will be those angry customers / end-users who will hold those company's feet to the fire and cause them to actually fix their security issues and/or implement proper backups. Right now it's just too easy for a customer / end-user to "not care" when a company pays a ransom. These decisions to pay the ransoms are being made purely as business decisions, and from a business perspective I don't blame them necessarily, but it's enabling crime. The equation needs to change.

 

[Lakados]

The only way this will end is if ransom payments to criminals are made illegal. Yeah, that might result in some lost data in the short term. Obviously these companies wouldn't be paying the ransom if the data wasn't extremely valuable. Paying the ransoms just perpetuates these attacks though, and in the end that damage has to be taken into account also.

Classify them as terrorists, at which point negotiation and payment is no longer an option and insurance won’t cover it.

Side note if they start a task force to find these guys then it they better name it Unforgiven.

 

[sfsuphysics]

The only way this will end is if ransom payments to criminals are made illegal. Yeah, that might result in some lost data in the short term. Obviously these companies wouldn't be paying the ransom if the data wasn't extremely valuable. Paying the ransoms just perpetuates these attacks though, and in the end that damage has to be taken into account also.

I was thinking it could end of they instead spent the 75M on a hit squad to track down and kill every last person involved with the group

 

[erek]

Classify them as terrorists, at which point negotiation and payment is no longer an option and insurance won’t cover it.

Side note if they start a task force to find these guys then it they better name it Unforgiven.

No insurance even?

 

[wareyore]

The government that stated as a matter of policy they will not negotiate with terrorists, while negotiating with terrorists, has no business telling me who to negotiate with.

Criminalizing victims is wrong.

You can't insure a criminal act. I don't even think Lloyd's would write a policy for you.

 

[Darunion]

I agree legislation to make the payment illegal was my thought exactly

So do you foresee any implications negatively for this though?

What would be the punishment for it? A fine? Then that would just be calculated into the losses and the ransom payment. Also this would likely be at the state level so each state would be different. Companies would move their datacenters to states that have more favorable laws in that regard.

In regards to insurance, we really don't need more insurance in the world.

 

[erek]

The government that stated as a matter of policy they will not negotiate with terrorists, while negotiating with terrorists, has no business telling me who to negotiate with.

Criminalizing victims is wrong.

You can't insure a criminal act. I don't even think Lloyd's would write a policy for you.

Even with a blank check? Does
Money talk?

—-

“Among these include the ability to borrow against the cash value of the policy and to make cash value withdrawals. When you take a loan against your policy, your insurer lends you the money and uses the cash in your policy as collateral—you do not actually withdraw any money from the policy itself.”

 

[Zarathustra[H]]

These decisions to pay the ransoms are being made purely as business decisions, and from a business perspective I don't blame them necessarily, but it's enabling crime. The equation needs to change.

I say we just find them and drone them with complete and utter disregard for international jurisdiction borders.

 

[LukeTbk]

Also this would likely be at the state level so each state would be different.

Like the current "you cannot pay terrorist organization ransom" is federal level and that could be a congress law (as the criminal party getting the ransom tend to be out of the company state, international even, making it an easy commerce clause for congress) .

They could make exception and probably would have too, imagine a very reasonable price to reboot an hospital or the power grid.... and not being able to do it.

FBI dealt with terrorist for the 2015 Somali pirates hostages, there principal and rules but there also practical reality and as always compromise without good answers.

 

[GotNoRice]

Criminalizing victims is wrong.

Are the penny-pinching executives and/or incompetent system administrators really the "victims"? It's the people who are affected by the data loss / outages who are the real victims, and paying the ransom is just making the problem worse.

 

[Lakados]

No insurance even?

Not if they are declared terrorist organizations, current cyber crime policies cover it because insurance agencies can file that back and get the federal government to cover it, yea that’s not bullshit…
But government doesn’t condone negotiating with terrorists so they won’t cover that, so the insurance agencies will stop as well.

That’s also why I feel the government takes it so lightly because it’s their way of handing out money to big corporations and insurance agencies on the down low.

 

[Jabroni31169]

I'm just here to say that I hate zscaler

 

[GotNoRice]

What would be the punishment for it? A fine? Then that would just be calculated into the losses and the ransom payment.

Then make the fine big enough to throw off the calculation. 10x whatever the ransom was, jumping to 20x, 30x, with each successive violation.

Or just start throwing important people in prison.

 

[LukeTbk]

Are the penny-pinching executives and/or incompetent system administrators really the "victims"? It's the people who are affected by the data loss / outages who are the real victims, and paying the ransom is just making the problem worse.

The idea that victim of such attack are automatically low security budget or incompetent need to stop, as if it was not a really challenging affair. A serious tech company like AMD (if the 2023 IntelBroker data breach was real), with a very serious anti-espionage and all around cybersecurity system, for data human employee can have access too they're always a risk.

It is usually not necessarily data loss (backup can take care of that usually), it can be we will leak a copy of your data turning all your user into victim or we will not make it easy for hospital to operate, making patient victim.

Has for victims, clients, partners, stockholder, employee, leadership that will lose their jobs, anything that happen to a company will fall down a bit on all of them.

Then make the fine big enough to throw off the calculation. 10x whatever the ransom was, jumping to 20x, 30x, with each successive violation.

This could tend to keep the issue secret from the authority and make the crypto payment on the downlow, specially for private entity.

 

[wareyore]

Are the penny-pinching executives and/or incompetent system administrators really the "victims"? It's the people who are affected by the data loss / outages who are the real victims, and paying the ransom is just making the problem worse.

Yeah, always the fault of the people who are not the criminals.

What exactly was the data they paid the ransom to recover?

The reason lawmakers want us conditioned to blame businesses and individuals who are victims themselves is because they need to sacrifice something to the mob and those victims are easily found and burned at the stake for negligence or whatever. Law enforcement, prosecutors, defense attorney's, insurance companies, ambulance chasers all like these sorts of laws.

So, same would apply when you park your car anywhere and it gets broken into. It's your fault. So, you should be fined for your car getting broken into or stolen since you didn't do enough to protect it.

Same for your house or real property. You lose your tools in your garage, your fault. Wife raped and killed in your bedroom, get fined, do some jail time. It's all your fault.

 

[wareyore]

Even with a blank check? Does
Money talk?

—-

“Among these include the ability to borrow against the cash value of the policy and to make cash value withdrawals. When you take a loan against your policy, your insurer lends you the money and uses the cash in your policy as collateral—you do not actually withdraw any money from the policy itself.”

You can buy protection in case you are a victim of a criminal act, like kidnapping and cyber crimes.

Good luck getting a policy for a criminal act. Give it a shot.

You can't borrow against all insurance policies.

You probably would be better informed if you reviewed a policy specific to cyber crimes, in this case, a ransomware attack. See what it covers, etc.

 

[GotNoRice]

Yeah, always the fault of the people who are not the criminals.

Maybe it's "not their fault" that their systems were compromised, but it is their fault when they make a willful decision to pay large sums of money to criminals.

If no one paid the ransom, there would be no ransomware. Would people still get their systems compromised for other reasons? Of course. But making it less profitable would be a good start...

 

[Darunion]

Maybe it's "not their fault" that their systems were compromised, but it is their fault when they make a willful decision to pay large sums of money to criminals.

If no one paid the ransom, there would be no ransomware. Would people still get their systems compromised for other reasons? Of course. But making it less profitable would be a good start...

It's illegal to buy stolen goods, yet there is still a ton of stuff being stolen and sold.

I get what you are saying, but its already illegal to compromise the systems, and that isnt stopping it.

And the low end part of this, the parents or grandparents whatever that just need their pictures and house documents back, are just going to pay the ransom as there will be no task force to help them out or get their stuff back.

System security from business to home users needs beefed up a TON and not sure what the best way is to do that to move forward.

 

[Shoganai]

Maybe companies should start investing is less retarded IT.

 

[Tsumi]

Yeah, always the fault of the people who are not the criminals.

What exactly was the data they paid the ransom to recover?

The reason lawmakers want us conditioned to blame businesses and individuals who are victims themselves is because they need to sacrifice something to the mob and those victims are easily found and burned at the stake for negligence or whatever. Law enforcement, prosecutors, defense attorney's, insurance companies, ambulance chasers all like these sorts of laws.

So, same would apply when you park your car anywhere and it gets broken into. It's your fault. So, you should be fined for your car getting broken into or stolen since you didn't do enough to protect it.

Same for your house or real property. You lose your tools in your garage, your fault. Wife raped and killed in your bedroom, get fined, do some jail time. It's all your fault.

There's something in law called negligence, and you can be held liable for negligence. Of course, it doesn't carry the same penalty as the crime itself but it does hold you partially liable.

In this case, the apt analogy would be leaving a security flaw for the sake of convenience or cost cutting. For example, the thief breaks into your home using the spare key you left under the doormat. They then proceed to find your gun which you were too cheap to buy a safe for and left out in the open. Then someone is killed with said gun. You wouldn't be guilty of murder, but you can be guilty of enabling it. Just like the CEO should be held guilty of negligence for skimping on proper IT support and enabling successful ramsonware attacks.

 

[d3athf1sh]

Maybe companies should start investing is less retarded IT.

buh but muh dei and esg

/s

guess it's not just a problem for game devs, airlines and secret service?

 

[sfsuphysics]

Criminalizing victims is wrong.

Is it really the victims who are being criminalized though? When a company passes on the cost of a ransom to all the customers, all under the guise of "the cost of doing business" they're making others pay ransoms for their negligence. It's like all the California wildfires, oooh PG&E sued for record amount... PG&E didn't pay shit, all of us customers who have no other options than PG&E for our power are paying off the lawsuits.

 

[LukeTbk]

Is it really the victims who are being criminalized though? When a company passes on the cost of a ransom to all the customers, all under the guise of "the cost of doing business" they're making others pay ransoms for their negligence. It's like all the California wildfires, oooh PG&E sued for record amount... PG&E didn't pay shit, all of us customers who have no other options than PG&E for our power are paying off the lawsuits.

Exactly would pay the fine being proposed, if the victims are the clients and you fine them (because fining the company is fining their clients if they really do pass all the cost I really doubt that always possible and the case too) ?

Trying to distinguish who pay between employee, owners, clients, business partner is always a bit really hard, money being 100% fungible, the answer will tend to be all of them.

Here we say company, but hospital, municipal water system controller, school and states institutions of all sorts are a very common target of that type of attack.

 

[wareyore]

There's something in law called negligence, and you can be held liable for negligence. Of course, it doesn't carry the same penalty as the crime itself but it does hold you partially liable.

In this case, the apt analogy would be leaving a security flaw for the sake of convenience or cost cutting. For example, the thief breaks into your home using the spare key you left under the doormat. They then proceed to find your gun which you were too cheap to buy a safe for and left out in the open. Then someone is killed with said gun. You wouldn't be guilty of murder, but you can be guilty of enabling it. Just like the CEO should be held guilty of negligence for skimping on proper IT support and enabling successful ramsonware attacks.

Is it really the victims who are being criminalized though? When a company passes on the cost of a ransom to all the customers, all under the guise of "the cost of doing business" they're making others pay ransoms for their negligence. It's like all the California wildfires, oooh PG&E sued for record amount... PG&E didn't pay shit, all of us customers who have no other options than PG&E for our power are paying off the lawsuits.

What data was compromised? Was it third party PII? Or company confidential info? Hyper missile nuclear rocket plans? Epstein's client list?

What exactly was the vector? Ransomware is all the info given.

Paywalled article so I can't see specifics. So, I say, the company who had their data compromised by a criminal organization is the victim. The government should focus on the real criminals.

 

[Shoganai]

Paywalled article so I can't see specifics.

It's 2024. How are you unable to access paywalled articles? Brave has a paywall bypass filter built in and other browsers have this.

I can see the article just fine.

 

[wareyore]

It's 2024. How are you unable to access paywalled articles? Brave has a paywall bypass filter built in and other browsers have this.

I can see the article just fine.

And?

 

[Tsumi]

What data was compromised? Was it third party PII? Or company confidential info? Hyper missile nuclear rocket plans? Epstein's client list?

What exactly was the vector? Ransomware is all the info given.

Paywalled article so I can't see specifics. So, I say, the company who had their data compromised by a criminal organization is the victim. The government should focus on the real criminals.

You're strawmanning the argument. We aren't just about this specific incident, this is about ransomware incidents in general.

The company with the data compromised is a victim, that isn't being argued. The argument is that they are a negligent victim that opened themselves to the attack. If a 3rd party was compromised, that 3rd party leadership can be considered negligent. Point being, yes, go after the criminals, but don't ignore the executive decisions that made the ransomware attack successful. The goal is to make companies proactive about security rather than reactive.

 

[Shoganai]

And?

I didn't realize my comment needed further explanation.

 

[Tengis]

Lets all hope that one day they put the ransomware on some crazy persons systems and they use their resources to hire a strike team to track them down and wipe them out.

 

[socK]

Maybe companies should start investing is less retarded IT.

Doesn't even have to be on IT.

I worked for a company that got ransomed. We knew about a vulnerable system (that wound up being the entry point) two years before it happened. We tried a dozen times to get it replaced. Literally every attempt to do _anything_ was shot down, absolutely couldn't get jack shit approved because:

1. The powers that be didn't want to spend any time or money fixing/replacing it
2. What we had technically worked

One meeting turned into an actual shouting match where our security guy was finally losing his mind. He quit before it hit the fan.

And that's how I wound up working until I passed out at the wheel while at a stop light in my car.

Do not recommend, run from these fucking companies