Victim Name | Array Networks |
Screenshots of Files Available | YES |
Detailed List of Files and content available? | N/A |
Post Date | February 28, 2024 |
Download Links to Exfiltrated Data Dump Files? | N/A |
Disclaimer: HookPhish does not engage in the exfiltration, downloading, taking, hosting, viewing, reposting, or disclosure of any files or stolen information. Any legal concerns regarding the content should be directed at the attackers, not HookPhish. This blog is dedicated to posting editorial news, alerting readers about companies falling victim to ransomware attacks. HookPhish has no affiliation with ransomware threat actors or groups, and it does not host infringing content. The information on this page is automatically generated and redacted, sourced directly from the Onion Dark Web Tor Blogs pages.
Dark Angels Ransomware Group
The Dark Angels ransomware group is a cybercriminal organization that emerged in May 2022. They are known for their double extortion tactics, which involve not only encrypting the victim’s files but also stealing data and demanding payment to prevent its release. The group’s code for Windows-focused payloads is derived from the leaked Babuk builders, with nearly identical features. In late 2023, they developed payloads targeting Linux/ESXi systems, which are not derived from Babuk but have a bespoke codebase similar to RagnarLocker. Dark Angels has targeted various industries, including healthcare, government, finance, and education. In September 2023, they attacked Johnson Controls, an automation and manufacturing company, and locked their VMWare ESXi servers. Detection of Dark Angels ransomware requires a combination of technical and operational measures to identify suspicious network activity. SentinelOne’s Singularity XDR Platform can identify and stop activities related to Dark Angels ransomware.
Citations:
- [1] https://www.sentinelone.com/anthology/dark-angels-team-ransomware/
- [2] https://www.sentinelone.com/blog/dark-angels-esxi-ransomware-borrows-code-victimology-from-ragnarlocker/
- [3] https://www.bleepingcomputer.com/news/security/building-automation-giant-johnson-controls-hit-by-ransomware-attack/
Disclaimer: HookPhish does not engage in the exfiltration, downloading, taking, hosting, viewing, reposting, or disclosure of any files or stolen information. Any legal concerns regarding the content should be directed at the attackers, not HookPhish. This blog is dedicated to posting editorial news, alerting readers about companies falling victim to ransomware attacks. HookPhish has no affiliation with ransomware threat actors or groups, and it does not host infringing content. The information on this page is automatically generated and redacted, sourced directly from the Onion Dark Web Tor Blogs pages.