RansomLook logo RansomLook

Darkangel

Compare

View crypto

Description

Dark Angels is a highly targeted ransomware and data-extortion group that emerged in spring 2022. Rather than using an affiliate-driven model, it orchestrates discreet, high-impact attacks on large organizations—often choosing one Fortune-level victim at a time. The group exfiltrates massive volumes of data (sometimes 10–100 TB), optionally deploys encryption on Windows or ESXi systems, and pressures victims via a Tor-hosted leak platform ("Dunghill Leak"). Their notable incidents include extorting a record $75 million from a Fortune 50 company in 2024 and demanding around $51 million from Johnson Controls. Dark Angels’ operations emphasize stealth and precision over disruption, often avoiding high-profile media exposure and operating with low operational visibility.

External Analysis6
External Analysis
https://www.zscaler.com/blogs/security-research/shining-light-dark-angels-ransomware-group
https://www.isaca.org/resources/news-and-trends/industry-news/2024/darkangels-strikes-big-record-breaking-ransom-secured
https://www.sentinelone.com/anthology/dark-angels-team-ransomware/
# sentinelone published nov 30 2022 with april 2025 update
https://krebsonsecurity.com/2024/08/low-drama-dark-angels-reap-record-ransoms/
https://www.mphasis.com/content/dam/mphasis-com/global/en/home/services/cybersecurity/dark-angels-ransomware-apr28-22-5.pdf
Urls1
Url
Status
Screen
Uptime 30d
Health
https://wemo2ysyeq6km2nqhcrz63dkdhez3j25yw2nvn7xba2z4h7v7gyrfgid.onion/ Down
Note