Darkangel
Description
Dark Angels is a highly targeted ransomware and data-extortion group that emerged in spring 2022. Rather than using an affiliate-driven model, it orchestrates discreet, high-impact attacks on large organizations—often choosing one Fortune-level victim at a time. The group exfiltrates massive volumes of data (sometimes 10–100 TB), optionally deploys encryption on Windows or ESXi systems, and pressures victims via a Tor-hosted leak platform ("Dunghill Leak"). Their notable incidents include extorting a record $75 million from a Fortune 50 company in 2024 and demanding around $51 million from Johnson Controls. Dark Angels’ operations emphasize stealth and precision over disruption, often avoiding high-profile media exposure and operating with low operational visibility.
| External Analysis |
| https://www.zscaler.com/blogs/security-research/shining-light-dark-angels-ransomware-group |
| https://www.isaca.org/resources/news-and-trends/industry-news/2024/darkangels-strikes-big-record-breaking-ransom-secured |
| https://www.sentinelone.com/anthology/dark-angels-team-ransomware/ |
| # sentinelone published nov 30 2022 with april 2025 update |
| https://krebsonsecurity.com/2024/08/low-drama-dark-angels-reap-record-ransoms/ |
| https://www.mphasis.com/content/dam/mphasis-com/global/en/home/services/cybersecurity/dark-angels-ransomware-apr28-22-5.pdf |
| Urls |
Screen |
| https://wemo2ysyeq6km2nqhcrz63dkdhez3j25yw2nvn7xba2z4h7v7gyrfgid.onion/ |
|