Cencora Ransomware Hackers Receive $75 Million Payout

Reading Time: 2 minutes
  • Hackers behind the Cencora cyberattack have received a $75 million ransom payment, the largest known in history
  • The payment was made in three Bitcoin installments, with the original ransom demand set at $150 million
  • Cencora reported the breach in February, and the cyberattack exposed sensitive personal and medical information

Drug distributor Cencora has reportedly paid $75 million to hackers following a major cyberattack, marking the largest known cyber extortion payout. According to Bloomberg, the ransom was paid in three bitcoin installments after an initial demand of $150 million. Cencora, which first discovered the breach in February, confirmed in a regulatory filing that personal data, including patient diagnoses and prescriptions, had been compromised.

Largest Cyber Ransom Payment to Date

Cencora, formerly known as AmerisourceBergen, is a major player in the pharmaceutical distribution industry, with a market capitalization of $46 billion and revenue of $262 billion in the last fiscal year

The company has not publicly confirmed the ransom payment, but a representative pointed Bloomberg towards previously disclosed cybersecurity expenses. Following the news, Cencora’s stock dropped by 3.1% to $227.20.

Hospitals and healthcare providers have become frequent targets for cybercriminals due to the vast amounts of sensitive data they hold. In February, Change Healthcare, a division of UnitedHealth Group, faced a similar cyberattack that exposed patient data and led to a $22 million ransom payment. Experts believe that these escalating ransom demands are driven by the healthcare sector’s critical need to quickly restore operations after an attack.

The $75 million payout eclipses the previous record for cyber extortion, which stood at $40 million and was paid by CNA Financial Corp. in 2021. Brett Callow, managing director at FTI Consulting, warned, “Lottery jackpot-level payouts like this make the health and medical sector a more attractive target than it already is.”

Dark Angels Responsible

The hacking group responsible, known as Dark Angels, was first identified as the recipient of the ransom in July by cybersecurity firms Zscaler and Chainalysis. However, Bloomberg’s recent reporting marks the first time Cencora has been publicly confirmed as the victim of the attack.

Dark Angels reportedly used ransomware to both lock down Cencora’s systems and steal sensitive data, which they threatened to release if the ransom wasn’t paid. Cencora, in its July report, stated that $31.4 million in expenses incurred during the first nine months of 2023 were linked to the cyberattack.

While the company has assured regulators that it does not believe any stolen information has been publicly disclosed, cybersecurity experts caution that paying a ransom does not guarantee that hackers will refrain from releasing the data in the future.

Share