Hackers get $75M in Bitcoin ransom from drug distributor Cencora

A group of hackers called the Dark Angels made off with $75 million in BTC after hacking into the systems of drug distributor Cencora.

This is the largest cyber ransom ever recorded, according to people who know the details but don’t want to be named. 

These criminals demanded $150 million at first, but Cencora negotiated the figure down by 50%.

Cencora first noticed something wrong in February, according to a filing they made with regulators. 

By July, a quarterly report showed the company had racked up over $31 million in “other” expenses related to a cyberattack. 

The $75 million ransom figure was carefully omitted. A Cencora representative said the company doesn’t comment on rumors or speculation. 

They also avoided specifics when asked about what the $31.4 million in expenses actually went toward.

But blockchain investigator ZachXBT took to Twitter to post details of the Bitcoin transactions, saying: 

“I think it’s a bad look when a large publicly traded company like Cencora does not share the BTC transactions for the $75M payment to Dark Angels ransomware group so I will just post it for them.” 

The first Bitcoin payment made by Cencora was 296.5 BTC on March 7, 2024. The second was 408 BTC on March 8, and then another 387 BTC later that day. 

Zach traced the payments, revealing that all three transactions came from the same source and flowed to addresses already tied to illegal activities. 

The funds were spread to various addresses with links to other criminal activities on the blockchain.

Cencora had a big target on its back. They have a market value of about $46 billion and made $262 billion in revenue in the last fiscal year. 

They were previously known as AmerisourceBergen. 

But even with the massive ransom payout, Cencora reported to the SEC that their financial health wouldn’t take a hit. 

In other words, it’s business as usual. They also claimed that there’s no sign that the stolen information has been or will be publicly released.

Two months after they admitted to the hack, the company started notifying people and state authorities that private information was stolen. 

This included names, addresses, birth dates, medical diagnoses, prescriptions, and medications.

This attack comes as part of a much bigger wave of cybercrime in the industry. 

In 2023 alone, the total volume of illegal crypto transactions was around $34.8 billion.

While that’s lower than the $49.5 billion from the year before, illicit crypto activity still makes up a massive part of the industry. 

Ransomware payments, like the one Cencora made, totaled over $1 billion. 

This set a new record, with cybercriminals getting bolder and better at pulling off these kinds of heists.

Scams and frauds pulled in around $12.5 billion. That is also slightly less than the $13.9 billion from 2022, but it’s still a lot of money.

The FBI says a lot of these scams came through Bitcoin ATMs, where victims were tricked into sending an average of $10,000 each.

The persistent demand for drugs like fentanyl is a huge catalyst, with cybercriminals using crypto to facilitate these sales.

Moreover, illicit addresses sent about $22.2 billion through various services. 

Terrorist organizations have also been using crypto to fund their operations. We all know that crypto’s ability to provide some level of anonymity makes it attractive to criminals.

Looking at the trends, TRON has become a major platform for illegal transactions. It hosted around 45% of all illicit crypto volume in 2023. 

Ethereum came in second at 24%, and Bitcoin itself accounted for about 18%. Tether (USDT) was involved in about $19.3 billion worth of criminal activity.

The Biden administration has been trying to push for more cybersecurity measures in critical sectors, but they’ve met with resistance. 

The SEC now requires public companies to report big cybersecurity incidents, which is why Cencora had to disclose their breach. 

But they’re still unable to keep up.

Source: https://www.cryptopolitan.com/dark-angels-hack-cencora-75m-bitcoin-ransom/