Some significant events reveal their details much later, and what Cencora experienced is remarkable. A report published by Bloomberg, based on sources familiar with the matter, along with research from Zach, presents intriguing insights. Ranked 11th on the Fortune 500 list, this pharmaceutical giant owns several large subsidiaries. So, what are the details surrounding the Bitcoin ransom payment?
Record Bitcoin Ransom
In March, the company made payments in three installments, with an initial ransom demand of $150 million. The attack discovered in February resulted in data being compromised. In their quarterly report in July, Cencora documented cybersecurity costs. The attacking group, known as Dark Angels, received a $75 million payout against their $150 million demand.
Chainalysis and Zscaler reported, based on on-chain activity, that the attackers received a substantial payment. This historic $75 million ransom payment surpassed the $40 million paid by CNA Financial in 2021, positioning Cencora at the top of the list for the largest cyber ransom payment ever.
Charles Carmakal, Chief Technology Officer of Mandiant Consulting, Google’s cybersecurity unit, mentioned that while such large payments are not common, they do occur without public knowledge.
Information revealed that in February attackers accessed personal data belonging to clients, including names, addresses, birth dates, diagnoses, prescriptions, and medications. According to Chainalysis, the amounts of ransom payments have been increasing year on year, with average payments rising from $200,000 last year to $1.5 million in June. Reports indicate that total ransom payments in 2023 reached $1 billion, with even more payments made this year.
Ransom Payment Addresses
ZachXBT, a crypto crime detective, disclosed the addresses belonging to the attackers following the report. The fact that payment was made in three installments in March facilitated his identification of the attackers’ addresses. He stated the following:
“I think it’s unfortunate that a major public company like Cencora did not share BTC transactions related to their $75 million payment to the Dark Angels ransomware group, so I will publish them just for them.
296.5 BTC – March 7, 2024, 10:04 UTC
e3e203db2752edeb5bb716a77ed30f977bee70b06cefecd69d1c38921ad5d1b2
408 BTC – March 8, 2024, 7:45 UTC
db4a0742aa2fe67c20f02642bb776fb4140cf32beca43b7552435f5eddb58d92
387 BTC – March 8, 2024, 9:39 UTC
bf408baa4d6598a42a6852012fe412514ff7bb70ca8a94deb9865c9b46f19ddf
Additionally, all three addresses were funded from the same source, and the funds were transferred to addresses with high exposure to illegal funds.”