Tuesday Aug 27, 2024
Zscaler’s Brett Stone-Gross on the Tactics of the Dark Angels Ransomware Group (Black Hat Edition)
In our latest special episode of the Future of Threat Intelligence podcast, Brett Stone-Gross, Senior Director of Threat Intelligence at Zscaler, joins us at the Black Hat conference. He describes how they uncovered the largest ransomware payment in history, $75 million, made by a Fortune 50 company to the Dark Angels group.
Brett explains the group's unique approach, which involves stealing vast amounts of data without encrypting files, and their preference for low-volume, high-impact attacks to evade media scrutiny. He also highlights essential cybersecurity measures, such as implementing two-factor authentication and adopting a zero-trust architecture to protect against such threats.
Topics discussed:
- How the Dark Angels group secured the largest ransomware payment in history, totaling $75 million.
- How, unlike typical ransomware attacks, the group stole data without encrypting files, exfiltrating approximately 100 terabytes of sensitive information.
- How their operational model is low-volume, focusing on individual companies to avoid media attention and maintain a low profile.
- The importance of basic IT hygiene practices, such as two-factor authentication, which are crucial for preventing significant data breaches and ransomware attacks.
- How implementing a zero-trust architecture can help organizations limit lateral movement and enhance overall cybersecurity defenses against threats.
Key Takeaways:
- Implement two-factor authentication to enhance security and reduce the risk of unauthorized access to sensitive corporate data.
- Monitor network traffic for anomalous behavior, especially large data transfers, to quickly identify potential data exfiltration attempts.
- Adopt a zero-trust architecture to limit lateral movement within your network and ensure users only access necessary resources.
- Limit user privileges, ensuring that users have only the access necessary for their roles.
- Stay informed about emerging ransomware trends and tactics to proactively adjust your cybersecurity strategies and defenses.
If you’re interested in Team Cymru’s latest research, download our “Voice of a Threat Hunter 2024” report here: https://www.team-cymru.com/voth2.0