A security researcher has revealed how their discovery of some fairly straightforward vulnerabilities in the web dashboards used by “at least three” ransomware gangs saved six companies from acquiescing to a ransom demand.
Vangelis Stykas, a security researcher and Atropos.ai’s chief technology officer, set out on a research project to try and turn the tables on ransomware gangs, which thrive on anonymity thanks to being based on the dark web, as well locking down sensitive data to force a company’s hand.
Ransom epidemic
Despite the advice always being to never pay a ransomware gang a penny if your business is hit by an attack, ransom payments are at a record high. Though larger enterprises are always targets riper for extortion, small businesses have no reason to be complacent, with Strykas pointing out that two of the six known would-be victims were small businesses.
They were able to use existing insecure direct object references (IDORs), vulnerabilities in web applications that allow “sequential” access to data thought inaccessible by external parties, to access chat messages sent by site administrators.
Some, however, were simpler: the Everest ransomware gang used a default password for its SQL databases, and exposing file directories and endpoints that directly revealed attacks in progress.
While this rare win against ransomware companies is still but a drop in the ocean compared to the amount of attacks currently happening, it does show that perpetrators are not infallible, which will hopefully inspire many companies to not give in to any demand.
Via TechCrunch
More from TechRadar Pro
