A security researcher has revealed how their discovery of some fairly straightforward vulnerabilities in the web dashboards used by “at least three” ransomware gangs saved six companies from acquiescing to a ransom demand.
Vangelis Stykas, a security researcher and Atropos.ai’s chief technology officer, set out on a research project to try and turn the tables on ransomware gangs, which thrive on anonymity thanks to being based on the dark web, as well locking down sensitive data to force a company’s hand.
Yet, while these gangs so often thrive on security flaws in systems to get the access that they need to use files as leverage, Stykas claims that they were able to use code bugs to pass on IP addresses of servers in use by the gangs, as well as uncover decryption keys to be passed on to affected companies.
Ransom epidemic
Despite the advice always being to never pay a ransomware gang a penny if your business is hit by an attack, ransom payments are at a record high. Though larger enterprises are always targets riper for extortion, small businesses have no reason to be complacent, with Strykas pointing out that two of the six known would-be victims were small businesses.
They were able to use existing insecure direct object references (IDORs), vulnerabilities in web applications that allow “sequential” access to data thought inaccessible by external parties, to access chat messages sent by site administrators.
Some, however, were simpler: the Everest ransomware gang used a default password for its SQL databases, and exposing file directories and endpoints that directly revealed attacks in progress.
While this rare win against ransomware companies is still but a drop in the ocean compared to the amount of attacks currently happening, it does show that perpetrators are not infallible, which will hopefully inspire many companies to not give in to any demand.
Via TechCrunch
