Key takeaways
- Cencora paid $75 million in Bitcoin, the largest known cyber extortion payment to date.
- The healthcare sector is increasingly the target of high-value ransomware attacks.
Share this article
Cencora Inc., a major drug distributor, paid $75 million in Bitcoin (BTC) to hackers following a ransomware attack, the largest known cyberextortion payment to date. As Bloomberg reported, the payment was made in three installments in March after Cencora discovered a data breach in February.
Blockchain sleuth ZachXBT identified the three transactions, totaling 1,091.5 BTC, using on-chain data and shared them on X. The first transaction of 296.5 BTC was made on March 7, a second transaction of 408 BTC was made the next day, and the remaining 387 BTC was sent less than two hours later.
“Additionally, all three addresses were funded by the same source and the funds were routed to addresses with high exposure to illicit funds,” ZachXBT added.
The hackers, identified as the Dark Angels group, initially demanded $150 million. Cencora, formerly known as AmerisourceBergen, has a market capitalization of about $46 billion and generated $262 billion in revenue in the last fiscal year.
“Lottery jackpot-sized wins like this make the healthcare and medical sector more attractive than it already is. We’re not talking about Ferrari-sized amounts. We’re talking army-sized amounts,” said Brett Callow, managing director of FTI Consulting.
Charles Carmakal, technical director at Mandiant Consulting, confirmed that while such large payments are not common, they do happen.
The breach resulted in the theft of personal data, including names, addresses, dates of birth, diagnoses, prescriptions and medications. Cencora’s quarterly report for July indicated $31.4 million in expenses related to the cybersecurity incident.
Ransomware attacks are increasing
Blockchain analytics firm Chainalysis revealed in its “2024 Crypto Crime Mid-Year Update” that on-chain transactions related to illicit funds are down nearly 20% year-to-date compared to 2023.
Yet, security incidents involving stolen funds and ransomware attack vectors are on the rise. Ransomware flows increased by about 2%, from $449.1 million to $459.8 million.
The Cencora episode increased the ransom payment for the most severe ransomware from less than $200,000 in early 2023 to $1.5 million in mid-June 2024.
According to Chainalysis, this suggests that these ransomware strains are targeting large enterprises and critical infrastructure providers, as they are more likely to pay high ransoms due to their deep pockets and systemic importance.
Share this article
