Ransomware gangs had a number of fundamental security flaws that meant victims never had to pay up
A security researcher has revealed how the discovery of a series of relatively simple vulnerabilities in web dashboards used by “at least three” ransomware gangs has spared six companies from having to meet ransom demands.
Vangelis Stykas, security researcher and Chief Technology Officer of Atropos.ai, launched a research project to tackle ransomware gangs. These criminals thrive on anonymity thanks to their presence on the dark web and lock up sensitive data to force companies to take action.
While these gangs often exploit security holes in systems to gain access to files, Stykas claims that coding bugs in the gangs' own dashboards yielded the IP addresses of servers used by the gangs, as well as decryption keys that could be passed on to the affected companies.
Ransom epidemic
Despite the advice to never pay a cent to a ransomware gang if your business is hit by an attack, ransom payments are at a record high. While larger corporations are always a bigger target for extortion, small businesses have no reason to sit back. Stykas points out that two of the six known potential victims were small businesses.
Stykas could exploit existing insecure direct object references (IDORs), vulnerabilities in web applications that allow “sequential” access to data believed to be inaccessible to external parties, to access chat messages sent by site administrators.
Some attacks, however, were simpler: the Everest ransomware gang used a default password for its SQL databases and exposed file directories and endpoints, immediately revealing that attacks were in progress.
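The IDOR class mentioned above comes down to a handler that trusts a guessable, sequential identifier without checking who is asking. The sketch below is an added example, not code from the research or from any system the article describes; the message store, user names and function names are all constructed for illustration. It shows the flawed lookup beside one that enforces object-level authorization, plus a regression check that counts how many foreign records a given user can read.

```python
# Added illustration; every name and record below is constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Message:
    id: int      # sequential primary key, trivially guessable
    owner: str   # account the message belongs to
    body: str

# Constructed sample data standing in for a web application's chat table.
STORE = {m.id: m for m in (
    Message(1, "alice", "invoice attached"),
    Message(2, "bob", "reset link sent"),
    Message(3, "alice", "meeting at 10"),
    Message(4, "carol", "contract draft"),
)}

class NotFound(Exception):
    """Raised for missing AND forbidden objects, so errors reveal nothing."""

def get_message_vulnerable(session_user: str, message_id: int) -> Message:
    # IDOR: the id from the request is trusted; session_user is never checked.
    try:
        return STORE[message_id]
    except KeyError:
        raise NotFound(message_id) from None

def get_message_hardened(session_user: str, message_id: int) -> Message:
    # Object-level authorization: the record must belong to the caller.
    msg = STORE.get(message_id)
    if msg is None or msg.owner != session_user:
        raise NotFound(message_id)
    return msg

def foreign_objects_readable(handler, session_user: str) -> list[int]:
    """Authorization regression check: ids session_user can read that belong
    to someone else. Must be empty for a correct handler."""
    leaked = []
    for message_id in STORE:
        try:
            msg = handler(session_user, message_id)
        except NotFound:
            continue
        if msg.owner != session_user:
            leaked.append(message_id)
    return leaked

if __name__ == "__main__":
    print(foreign_objects_readable(get_message_vulnerable, "alice"))
    print(foreign_objects_readable(get_message_hardened, "alice"))
```

Returning the same error for "does not exist" and "not yours" keeps the hardened handler from confirming which identifiers are in use.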
While this rare victory over ransomware gangs is a drop in the ocean compared to the number of attacks currently taking place, it does show that the perpetrators are not infallible. Hopefully, this will inspire many companies not to give in to any demands.
Via TechCrunch