Dark Angels Exposed

Oct. 9, 2024, 8:05 a.m.

Description

The Dark Angels ransomware group, active since April 2022, operates with sophisticated strategies targeting large companies for substantial ransom demands. They focus on stealthy attacks, avoiding outsourcing to third-party brokers. The group uses various ransomware payloads, including Babuk and Read the Manual (RTM) Locker for Windows, and a RagnarLocker variant for Linux/ESXi systems. Dark Angels emphasizes data theft over file encryption, often demanding payment to prevent data leaks. Their tactics include network infiltration, lateral movement, and selective ransomware deployment based on potential business disruption. The group has claimed a record $75 million ransom payment and operates a data leak site called Dunghill Leak.

Date

  • Created: Oct. 8, 2024, 10:49 p.m.
  • Published: Oct. 8, 2024, 10:49 p.m.
  • Modified: Oct. 9, 2024, 8:05 a.m.

Attack Patterns

  • Read the Manual (RTM) Locker
  • Vasa Locker
  • Babyk
  • Babuk - S0638
  • RagnarLocker
  • Dark Angels

Additional Information

  • Technology
  • Healthcare
  • Telecommunications
  • Manufacturing
  • Virgin Islands, U.S.