A security researcher has revealed how his discovery of some fairly simple vulnerabilities in web control panels used by “at least three” ransomware gangs saved six companies from agreeing to a ransom demand.
Vangelis Stykas, a security researcher and CTO at Atropos.ai, embarked on a research project to try to turn the tide against ransomware gangs, which thrive on anonymity thanks to their base on the dark web, as well as locking up sensitive data to force a company into action.
However, while these gangs usually exploit security flaws in other people's systems to gain the access they need to use files as leverage, Stykas says that coding errors in the gangs' own web panels let him obtain the IP addresses of servers used by the gangs, as well as recover decryption keys that could be passed on to the affected companies.
Rescue Epidemic
Although the advice is always to never pay a cent to a ransomware gang if your company is hit by an attack,

While larger companies are always easier targets for extortion, small businesses have no reason to be complacent, and Stykas noted that two of the six known potential victims were small businesses.
He was able to use existing insecure direct object reference (IDOR) vulnerabilities, flaws in web applications that let a user reach records that should be off limits simply by stepping through "sequential" identifiers, to read chat messages sent by the panels' administrators.
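To make the IDOR pattern concrete from the defender's side, here is an added example (not code from the article, and not from any ransomware panel): a "fetch chat message by id" handler written the vulnerable way, next to a hardened version that enforces per-object ownership. The message store, account names and the `Forbidden` exception are all constructed for the example.

```python
# Added example: an insecure direct object reference (IDOR) in a
# "get message by id" handler, beside a hardened version that checks
# ownership. All data below is constructed sample data.
from dataclasses import dataclass
from typing import Callable, List, Optional


@dataclass(frozen=True)
class Message:
    id: int
    owner: str   # account that is allowed to read the message
    body: str


# Constructed sample store with sequential ids, the property that makes
# an IDOR trivially enumerable.
MESSAGES = {
    1: Message(1, "alice", "alice's private note"),
    2: Message(2, "bob", "bob's private note"),
    3: Message(3, "alice", "another note for alice"),
}


class Forbidden(Exception):
    """Raised when the caller is not authorized to read the object."""


def get_message_vulnerable(caller: str, message_id: int) -> Optional[Message]:
    """IDOR: the handler trusts the id taken from the request and never
    checks that `caller` owns the record, so any authenticated user can
    step through ids 1, 2, 3, ... and read everyone's messages."""
    return MESSAGES.get(message_id)


def get_message_hardened(caller: str, message_id: int) -> Message:
    """Authorization enforced per object: a record that belongs to someone
    else is treated exactly like a record that does not exist, so the
    response does not even confirm that the id is valid."""
    msg = MESSAGES.get(message_id)
    if msg is None or msg.owner != caller:
        raise Forbidden(f"{caller} may not read message {message_id}")
    return msg


def readable_ids(handler: Callable[[str, int], Optional[Message]],
                 caller: str, max_id: int) -> List[int]:
    """Regression check for the handler: how many ids can one caller read
    just by incrementing the id? The hardened handler must expose only the
    caller's own records."""
    found = []
    for i in range(1, max_id + 1):
        try:
            if handler(caller, i) is not None:
                found.append(i)
        except Forbidden:
            pass
    return found


if __name__ == "__main__":
    print("vulnerable, as bob:", readable_ids(get_message_vulnerable, "bob", 5))
    print("hardened, as bob:  ", readable_ids(get_message_hardened, "bob", 5))
```

The check in `readable_ids` is the kind of test worth keeping in a web application's test suite: it fails loudly the moment a handler starts returning other users' objects for a plain sequential id.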
However, some flaws were simpler: the Everest ransomware gang used a default password on its SQL databases and exposed file directories and API endpoints that directly revealed ongoing attacks.
While this rare victory against ransomware gangs is just a drop in the ocean compared to the number of attacks currently occurring, it does demonstrate that the perpetrators are not infallible, which will hopefully encourage more companies not to give in to any demands.
Via TechCrunch