
Hacking group Dark Angels received $75 million in bitcoin, marking the largest known ransomware attack to date

theblock.co 18/09/2024 - 15:19 PM

Dark Angels Executed Historic Crypto Heist

The hacking group Dark Angels has successfully carried out the largest cryptocurrency heist in history, targeting the drug distributor Cencora. Bloomberg was the first to report this incident on Wednesday.

Cencora, based in Pennsylvania, paid a ransom of $75 million in three bitcoin payments last March.

About Dark Angels

Dark Angels is believed to be a cybercrime syndicate operating out of Russia. They first appeared in 2021 and have targeted various sectors, including healthcare, finance, government, and education. In August, security firm Zscaler ThreatLabz identified Dark Angels as the primary ransomware threat for 2024, revealing that an unnamed company had paid out $75 million following a data breach.

According to Zscaler, “The Dark Angels group employs a highly targeted approach, typically attacking a single large company at a time,” which contrasts with most ransomware groups that target victims indiscriminately.

In 2023, Dark Angels demanded $51 million from Johnson Controls, although it remains unclear if the full amount was paid.

Incident Details

Cencora initially revealed the breach in a July regulatory filing, labeling it a “material cybersecurity incident” discovered in February. The stolen data comprised personally identifiable information (PII) and protected health information, primarily from a subsidiary providing patient support services. CFO James F. Cleary stated that the company has contained the incident and is undertaking ongoing remediation efforts.

Interestingly, the original ransom demand was $150 million, which would have exceeded the previous highest ransom of $40 million paid by CNA Financial Corp in 2021.

Cencora has engaged cybersecurity experts to enhance IT systems and prevent future cyberattacks. Blockchain investigator ZachXBT claims to have identified the blockchain transactions related to the payments made to Dark Angels, commenting on the lack of transparency from Cencora regarding these transactions.

As of now, it is unclear whether Dark Angels has deleted the stolen data, which includes sensitive details such as clients’ names, addresses, dates of birth, diagnoses, and prescriptions. The number of individuals affected is also unclear.

Ransomware remains a rampant issue, especially within the crypto sector. Research firm Chainalysis estimated that over $450 million was lost due to ransomware attacks in the first half of 2024, signaling a potential record-breaking year for such attacks.



