Hackers screwed up: how criminals' mistakes saved companies

Unexpected breaches in ransomware groups' systems led to rare victories.

Thanks to vulnerabilities discovered in the systems of hacker groups specializing in extortion, six companies managed to avoid paying significant amounts to intruders. Two organizations received keys to recover encrypted data for free, and four cryptocurrency companies were promptly warned of impending attacks.

Vangelis Stykas, security researcher and CTO of Atropos.ai, conducted a large-scale study of the management servers of more than 100 groups dealing with extortion and data leaks. The goal of the project was to identify vulnerabilities that could reveal information about hackers and their potential victims.

During the study, Stykas discovered a number of critical vulnerabilities in the web panels of at least three hacker groups, which allowed access to the internal structure of their operations. Although cybercriminals usually hide their activities on the darknet, code errors and security flaws on data leak sites gave the researcher an opportunity to gain unauthorized access to confidential information. In some cases, these vulnerabilities exposed the IP addresses of servers, which could potentially help determine their real location.

Among the problems found were cases where the Everest group used a standard password to access its SQL databases, as well as open APIs that allowed tracking the BlackCat group's attack targets in real time. Stykas also discovered a vulnerability that allowed him to gain access to all messages of the Mallox group administrator, which made it possible to find two decryption keys that were transferred to the affected companies.

Although Stykas did not disclose the names of the companies, he clarified that two of them were small businesses, and the remaining four were cryptocurrency companies, including two with an estimated value of more than a billion dollars. Notably, none of the companies have publicly reported the incidents.

This study demonstrates that even cybercriminal groups are vulnerable to basic security errors. This fact opens up new prospects in the fight against ransomware and in preventing its operators' illicit enrichment, even though official authorities, such as the FBI, still advise victims of cyber attacks not to make concessions to intruders.
