Dark Angels Exposed
Oct. 9, 2024, 8:05 a.m.
Description
The Dark Angels ransomware group, active since April 2022, uses sophisticated strategies to target large companies with substantial ransom demands. They focus on stealthy attacks and avoid outsourcing to third-party brokers. The group uses various ransomware payloads, including Babuk and Read the Manual (RTM) Locker for Windows, and a RagnarLocker variant for Linux/ESXi systems. Dark Angels emphasizes data theft over file encryption, often demanding payment to prevent data leaks. Their tactics include network infiltration, lateral movement, and selective ransomware deployment based on potential business disruption. The group has claimed a record $75 million ransom payment and operates a data leak site called Dunghill Leak.
Date
Published: Oct. 8, 2024, 10:49 p.m.
Created: Oct. 8, 2024, 10:49 p.m.
Modified: Oct. 9, 2024, 8:05 a.m.
Attack Patterns
Read the Manual (RTM) Locker
Vasa Locker
Babyk
Babuk - S0638
RagnarLocker
Dark Angels
T1490
T1012
T1552
T1114
T1087
T1005
T1021
T1489
T1486
T1082
T1083
T1543
T1055
T1027
T1053
T1112
T1041
T1566
T1190
T1078
Additional Information
Technology
Healthcare
Telecommunications
Manufacturing
Virgin Islands, U.S.