In a significant cybersecurity breach, pharmaceutical giant Cencora faced a massive ransom attack, leading to a record-breaking Bitcoin payment. Details of this incident emerged through a Bloomberg report and insights from cybersecurity experts. Ranked 11th on the Fortune 500 list, Cencora’s experience underscores the growing threat posed by ransomware attacks. The company faced a $150 million ransom demand, leading to notable cybersecurity expenses reported in their July financial disclosures.
How Did the Attack Unfold?
The attack, traced back to February, saw hackers compromising sensitive data, including personal and medical information of clients. In March, Cencora made payments in three separate transactions, totaling $75 million, to the notorious Dark Angels group. This payment set a new record, surpassing the previous high of $40 million paid by CNA Financial in 2021. The transaction was confirmed by Chainalysis, highlighting the increasing frequency and cost of such ransom demands.
Who Are the Dark Angels?
The Dark Angels, a group known for high-stakes cyber extortions, orchestrated the attack on Cencora. Their operation involved demanding large sums of cryptocurrency, relying on the anonymity that digital transactions offer. According to Charles Carmakal, CTO of Mandiant Consulting, while such large payments are rare, they do occur without public acknowledgment, suggesting that there might be more undisclosed incidents.
– $75 million paid in Bitcoin, a record-breaking ransom.
– Attackers accessed personal and medical data in February.
– Cencora’s payment exceeded CNA Financial’s $40 million in 2021.
– Average ransom payments have increased to $1.5 million by June.
– Total ransom payments in 2023 have reached $1 billion.
ZachXBT, a renowned crypto crime investigator, identified the Bitcoin addresses used in the transactions, which were distributed across three installments in March. This disclosure shed light on the attackers’ operational methods and highlighted gaps in public transparency regarding such incidents. The funds were traced to addresses linked with illegal activities, raising concerns over the use of cryptocurrencies in facilitating cybercrime.
Cencora’s experience reflects the increasing sophistication of cybercriminals and the growing challenges faced by major corporations. As companies continue to navigate these threats, transparency and enhanced cybersecurity measures are critical to safeguarding sensitive data and preventing future breaches.
