A group of hackers known as the Dark Angels has executed the largest recorded cyber ransom, making off with $75 million in Bitcoin after breaching the systems of drug distributor Cencora. This incident has drawn significant attention, not only for the scale of the ransom but also for the implications it raises regarding cybersecurity in the pharmaceutical industry.
Cencora, which has a market value of approximately $46 billion and generated $262 billion in revenue in the last fiscal year, first detected unusual activity in February 2024. In their filings with regulators, the company disclosed that by July, they had incurred over $31 million in “other” expenses related to the cyberattack. However, the specific ransom amount of $75 million was notably omitted from these reports.
Initially, the Dark Angels demanded a ransom of $150 million, but after negotiations, Cencora managed to reduce the figure by half. A representative for the company declined to comment on the details, stating that they do not engage in rumors or speculation.
Blockchain investigator ZachXBT highlighted the Bitcoin transactions linked to the ransom on social media. The payments, made in multiple transactions, were traced back to addresses associated with criminal activities. Cencora made a payment of 296.5 BTC on March 7, followed by 408 BTC and another 387 BTC on March 8. These transactions came from a single source, revealing a concerning connection to illicit activities on the blockchain.
ZachXBT criticized Cencora for not being transparent about the transactions, stating, “It’s a bad look when a large publicly traded company like Cencora does not share the BTC transactions for the $75M payment.”
This cyberattack on Cencora is part of a broader surge in cybercrime targeting the pharmaceutical sector. The FBI has noted a significant increase in scams, particularly through Bitcoin ATMs, where victims are often tricked into sending large sums. In 2023, illegal crypto transactions reached a staggering $34.8 billion, with ransomware payments exceeding $1 billion.
Despite the enormity of the ransom, Cencora reported to the SEC that their overall financial health would not be adversely affected. The company claimed there was no evidence that the stolen information, which included sensitive data such as names, addresses, medical diagnoses, and prescriptions, would be made public.
Illegal activities facilitated by cryptocurrency have seen a dramatic increase, with scams and fraud accounting for about $12.5 billion in 2023. The persistent demand for illicit drugs, particularly fentanyl, has further fueled the growth of cybercrime, with criminals leveraging cryptocurrency for anonymity in transactions.
Notably, TRON emerged as a primary platform for illegal transactions in 2023, handling approximately 45% of all illicit crypto volume. Ethereum and Bitcoin followed with 24% and 18%, respectively. Tether (USDT) was implicated in about $19.3 billion worth of criminal activity.
In response to the growing threat of cybercrime, the Biden administration has pushed for enhanced cybersecurity measures across critical sectors. The SEC has mandated public companies to disclose significant cybersecurity incidents, which was a requirement that led to Cencora’s public acknowledgment of the breach. However, industry experts argue that regulatory frameworks are still struggling to keep pace with the rapidly evolving landscape of cyber threats.
As the incident with Cencora illustrates, the intersection of cybersecurity and cryptocurrency continues to present challenges and opportunities for businesses and regulators alike. The situation serves as a stark reminder of the vulnerabilities that exist within even the most established organizations in today’s digital landscape.
September 2024, Cryptoniteuae