How Cencora’s $75 Million Ransom Became a Cybersecurity Wake-Up Call


It was just another ordinary day for Cencora Pharmaceuticals on 21 February 2024—business humming along as usual. A Pennsylvania juggernaut raking in $262 billion annually and ranked No. 18 on the Fortune Global 500, Cencora was a pillar of the pharmaceutical world. But by the day’s end, it became the centre of a global cybersecurity storm.

The culprit? A jaw-dropping ransomware attack that forced the company to cough up a record-breaking $75 million ransom.

Here’s what happened—and the lessons your business can’t afford to ignore.

 

The $75 Million Heist

The nightmare began when Cencora discovered their sensitive data had been stolen. But this wasn’t just any data breach. Hackers accessed critical information—names, birth dates, prescriptions, sensitive health records—putting countless patients and the company itself at risk.

Behind this attack was Dark Angels, a ransomware group with a reputation for toppling giants. Emerging in 2022, they specialise in “Big Game Hunting,” targeting lucrative industries like healthcare, telecom, and finance with military-grade precision.

Their weapon of choice? A cutting-edge, Linux-based ransomware arsenal capable of stealing 10 to 100 terabytes of data per victim. For Cencora, it was nothing short of destruction.

Dark Angels infiltrated the company’s network, stealing an estimated 100 terabytes of sensitive data over weeks. They gained administrative access, encrypting critical systems with customised tools. The kicker? Even backups were locked down tight.

When the dust settled, the ransom demand stood at an eye-watering $150 million. After negotiations, that figure dropped—but only to $75 million, delivered in Bitcoin across three payments. Months later, the attack made headlines after cyber experts Zscaler and Chainalysis pieced the story together.

 

Where Cencora Went Wrong

The most stunning part of this story isn’t just the ransom amount—it’s how easily it could have been avoided.

Dark Angels moved 100 terabytes of data undetected. Think about that. Moving such massive amounts of information should have been a red flag visible from kilometres away.

Brett Stone-Gross, senior director of threat intelligence at Zscaler, put it bluntly: “If terabytes of data are leaving your network, it’s almost never legitimate. These large companies are failing to monitor their networks.”

Cencora’s lack of monitoring gave hackers free rein. The result? A $75 million payment—and a hard-earned lesson in what not to do.
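One way to surface the kind of bulk outbound transfer described above is to compare each host's daily egress against its own history. This is an added example, not from the original article; the internal address range, the thresholds and the flow records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from statistics import median

GB = 10**9
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address range

# Constructed flow summaries: (day, source, destination, bytes sent by source).
FLOWS = [
    ("2024-01-01", "10.0.0.5", "203.0.113.10", 2 * GB),
    ("2024-01-02", "10.0.0.5", "203.0.113.10", 3 * GB),
    ("2024-01-03", "10.0.0.5", "203.0.113.10", 2 * GB),
    ("2024-01-04", "10.0.0.5", "198.51.100.7", 4000 * GB),  # bulk transfer out
    ("2024-01-01", "10.0.0.9", "203.0.113.20", 40 * GB),
    ("2024-01-02", "10.0.0.9", "203.0.113.20", 45 * GB),
    ("2024-01-03", "10.0.0.9", "203.0.113.20", 42 * GB),
    ("2024-01-04", "10.0.0.9", "203.0.113.20", 50 * GB),    # normal growth
    ("2024-01-04", "10.0.0.9", "10.0.0.5", 9000 * GB),      # internal, ignored
]

def is_external(ip):
    return ipaddress.ip_address(ip) not in INTERNAL

def daily_egress(flows):
    """Sum bytes leaving the network per internal host and day."""
    totals = defaultdict(lambda: defaultdict(int))
    for day, src, dst, sent in flows:
        if not is_external(src) and is_external(dst):
            totals[src][day] += sent
    return totals

def egress_alerts(flows, factor=10, floor=100 * GB, min_history=3):
    """Flag days where a host sends more than `floor` and `factor` x its median."""
    alerts = []
    for host, per_day in daily_egress(flows).items():
        days = sorted(per_day)  # ISO dates sort chronologically
        for i, day in enumerate(days):
            history = [per_day[d] for d in days[:i]]
            if len(history) < min_history:
                continue  # not enough history to form a baseline
            baseline = median(history)
            if per_day[day] > max(floor, factor * baseline):
                alerts.append((host, day, per_day[day], baseline))
    return alerts

if __name__ == "__main__":
    for host, day, sent, base in egress_alerts(FLOWS):
        print(f"{day} {host}: {sent / GB:.0f} GB out (baseline {base / GB:.0f} GB)")
```

The absolute floor keeps quiet hosts from alerting on small spikes, while the per-host baseline lets a busy server move tens of gigabytes a day without noise.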

How to Stop Ransomware Without Bleeding Cash

This attack highlights a critical truth: ransomware doesn’t just hit big companies. Anyone can be a target. The question is, are you prepared?

Take these practical steps to protect your business from ransomware and avoid becoming another statistic:

Adopt a Zero Trust Model: Assume no one—inside or outside your organisation—is safe until proven otherwise.

  • Limit employee permissions to only what they need.

  • Divide your network into smaller sections (micro-segmentation) to stop breaches from spreading.

Enable Multifactor Authentication (MFA): Add an extra layer of security to prevent unauthorised access.

  • Combine passwords with one-time codes sent to a trusted device.

Back Up Your Data: Keep multiple copies of critical information and store them securely offsite.

  • Regularly test backups to ensure they work.

Watch for Phishing Attempts: Most ransomware starts with one careless click.

  • Train your employees to spot dodgy emails.

  • Use email-scanning tools to catch malicious links or attachments.

Combat Vishing Attacks: Cybercriminals are now tricking employees through phone scams.

  • Teach your team to verify unsolicited calls and never share sensitive information.

Update Systems Regularly: Outdated software is the hacker’s best friend.

  • Keep your systems and antivirus software up to date at all times.

Monitor Network Activity: Don’t let unusual behaviour go unnoticed.

  • Deploy tools for real-time threat detection.

Create a Response Plan: Be ready for the worst.

  • Develop a cybersecurity playbook that outlines who does what when ransomware strikes.

Implement the Essential Eight: Use the exact, government-approved blueprint to protect your business.

  • Get proven, practical strategies to shield your business against cyber threats.

  • Follow a clear plan to respond effectively to attacks and minimise damage.

Ransomware attacks aren’t a question of if but when. Preparation is your best—and most cost-effective—defence.

Wrapping Up

Ransomware is on the rise, and hackers are getting smarter every day. The Cencora attack is proof that no business is 100% safe. The solution? Act now to stay ahead of the curve. Awareness, preparation, and proactive security are your strongest shields against becoming the next target.

Don’t keep this to yourself. Share this article and help build a stronger defence for everyone. 


ABOUT THE AUTHOR: JARROD RAMSAY

Jarrod’s entrepreneurial journey began at 19, reselling telco services for brands like Telstra, Vodafone and Vocus. Realising he wanted more, he sold his business and dove into Managed IT Services, launched a telco division and built a public cloud platform.

These bold moves weren't just about competition; they were about creating better solutions for his clients.

Today, Jarrod thrives on collaborating with business owners, sharing ideas, and tackling challenges with creative strategies. Whether you're an entrepreneur, a business owner, or an employee responsible for the ICT services at your business, feel free to reach out—he'd love to connect.