According to a security researcher, six businesses avoided large ransom payments because of basic security flaws in the online infrastructure that ransomware attackers themselves were using. In a rare victory, two organizations obtained decryption keys without paying a ransom, and four targeted crypto enterprises were warned before their data could be encrypted.
Security researcher and Atropos.ai CTO Vangelis Stykas carried out an investigation to locate the command and control servers and data leak sites used by more than 100 ransomware and extortion-focused groups. His aim was to find weak points that would disclose details about these groups and their victims.
Prior to his presentation at the Black Hat security conference in Las Vegas, Stykas told TechCrunch that he had found multiple critical vulnerabilities in the web dashboards used by at least three ransomware groups. These weaknesses exposed the groups' internal operations. Ransomware groups typically operate on the dark web, which makes it difficult to identify the actual servers used to store stolen data and carry out cyberattacks.
However, Stykas was able to access internal data without logging in because of coding mistakes and security holes on the leak sites, where ransomware gangs post stolen material to blackmail victims. In some cases these flaws revealed the servers' IP addresses, potentially disclosing their real-world locations.
Among the vulnerabilities: the BlackCat ransomware's API endpoints exposed active attack targets, and the Everest ransomware group used a default password for its back-end SQL databases and exposed file paths. Additionally, Stykas gained access to a Mallox ransomware administrator's chat messages by abusing an insecure direct object reference (IDOR) vulnerability. There he discovered two decryption keys, which he shared with the affected firms.
The victims included four cryptocurrency companies: two unicorns (startups valued at over $1 billion) and two small enterprises. None of these businesses has publicly acknowledged the security problems, and Stykas withheld their names.
Paying a ransom does not necessarily give a firm back access to its data, and authorities such as the FBI warn against paying so as not to fund cybercrime. The findings indicate that ransomware gangs are susceptible to the same basic security flaws as major corporations, which gives law enforcement potential avenues for targeting these criminal hackers. Law enforcement has had varying degrees of success in disrupting ransomware operations and obtaining decryption keys.