Dark Angels Ransomware Attacking Windows And Linux-ESXi Systems
The Dark Angels ransomware group, active since 2022 and originating from Russian-speaking regions, has been targeting large companies for high-value ransom payments. They use third-party ransomware payloads such as Babuk, RTM Locker, and RagnarLocker to encrypt files on Windows and Linux/ESXi systems. The group employs a strategic approach to minimize business disruption, often stealing data and demanding payment to prevent its release, even if they do not deploy ransomware. They have evolved their tactics, expanded their target base, and demonstrated resilience against law enforcement actions. The group uses phishing emails and exploits vulnerabilities, like CVE-2023-22069, to infiltrate networks, escalate privileges, and exfiltrate sensitive data. They focus on stealth and precision in their attacks, which has allowed them to remain relatively unknown and successfully extort large sums, including a record $75 million ransom payment in March 2024. Their encryption process involves adv

CVEs: CVE-2023-22069

Malware: Babuk, Babuk(Linux), Babuk(Windows), DarkAngels

[View Article](https://gbhackers.com/dark-angels-ransomware-attack/)