Security Flaws in Cybercriminal Sites Prevent Potential Attacks on Six Companies


Recent findings reveal that security vulnerabilities in the infrastructure used by ransomware gangs have inadvertently protected six companies from potential cyberattacks. According to security researcher Vangelis Stykas, these weaknesses in the cybercriminals' web infrastructure thwarted their attempts to extort significant ransom payments.

Among the protected entities were four cryptocurrency firms, which received timely warnings before ransomware actors could encrypt their files. Additionally, two unicorn companies were able to secure their data using decryption keys provided by Stykas, thus avoiding ransom payments. This incident highlights a rare but significant success for the targeted organizations.

Stykas, Chief Technology Officer and security researcher at Atropos.ai, discovered several fundamental vulnerabilities in the web dashboards of at least three ransomware gangs. These flaws were substantial enough to disrupt the core operations of the gangs.

Cybercriminals typically obscure their identities and operations behind the Dark Web, using tools like the Tor browser to hide their real-world servers and data storage. However, Stykas uncovered critical security flaws in the attackers' leak sites, which are used to extort victims and publish stolen information. These flaws could be identified without logging into the sites.

One notable vulnerability involved the Everest ransomware gang, which used a default password for accessing their back-end SQL databases. This oversight exposed their file directories and API endpoints, revealing the targets of the BlackCat ransomware gang.

Additionally, Stykas exploited an insecure direct object reference (IDOR) bug to review chat messages from the Mallox ransomware administrator. He discovered two decryption keys, which he subsequently shared with the affected companies. For privacy reasons, he chose not to disclose the names of the companies involved.
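As an added illustration of the IDOR bug class mentioned above (example code written for this page, not code from the article or from any site it describes; all names and data are constructed), the following shows a chat-message lookup that trusts a caller-supplied id beside the same lookup with an ownership check and a caller-scoped listing:

```python
# Constructed example of an insecure direct object reference (IDOR) and its fix.
# Not taken from the article or from any real system; all data is sample data.
from dataclasses import dataclass


@dataclass(frozen=True)
class ChatMessage:
    msg_id: int
    owner: str   # account the conversation belongs to
    body: str


# Constructed store: two accounts, three messages.
MESSAGES = {
    101: ChatMessage(101, "alice", "hello from alice"),
    102: ChatMessage(102, "bob", "bob's private note"),
    103: ChatMessage(103, "bob", "bob's second note"),
}


class Forbidden(Exception):
    """Raised when the caller is not authorised for the requested object."""


def get_message_vulnerable(caller: str, msg_id: int) -> ChatMessage:
    """IDOR: the record is returned for any valid id regardless of caller.
    Only the id comes from the request; nothing ties it to the caller."""
    return MESSAGES[msg_id]


def get_message_hardened(caller: str, msg_id: int) -> ChatMessage:
    """Fixed: fetch the object, then check authorisation against the
    authenticated caller before returning anything."""
    msg = MESSAGES.get(msg_id)
    if msg is None or msg.owner != caller:
        # Same error for "missing" and "not yours", so ids cannot be
        # enumerated by telling a 404 apart from a 403.
        raise Forbidden(f"message {msg_id} not available to {caller}")
    return msg


def list_messages(caller: str) -> list[int]:
    """Hardened listing scoped to the caller's own objects, so a client never
    has a reason to supply an id it was not given."""
    return sorted(m.msg_id for m in MESSAGES.values() if m.owner == caller)


if __name__ == "__main__":
    print(get_message_vulnerable("alice", 102).body)   # leaks bob's note
    print(list_messages("alice"))                      # [101]
    try:
        get_message_hardened("alice", 102)
    except Forbidden as err:
        print("blocked:", err)
```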

This case underscores the potential for security lapses in cybercriminal operations to inadvertently benefit their intended victims.

๐’๐ญ๐š๐ฒ ๐ข๐ง๐Ÿ๐จ๐ซ๐ฆ๐ž๐ ๐ฐ๐ข๐ญ๐ก ๐จ๐ฎ๐ซ ๐ฅ๐š๐ญ๐ž๐ฌ๐ญ ๐ฎ๐ฉ๐๐š๐ญ๐ž๐ฌ ๐›๐ฒ ๐ฃ๐จ๐ข๐ง๐ข๐ง๐  ๐ญ๐ก๐ž WhatsApp Channel now! ๐Ÿ‘ˆ๐Ÿ“ฒ

๐‘ญ๐’๐’๐’๐’๐’˜ ๐‘ถ๐’–๐’“ ๐‘บ๐’๐’„๐’Š๐’‚๐’ ๐‘ด๐’†๐’…๐’Š๐’‚ ๐‘ท๐’‚๐’ˆ๐’†๐ฌ ๐Ÿ‘‰ FacebookLinkedInTwitterInstagram

Related Stories

No stories found.
logo
DIGITAL TERMINAL
digitalterminal.in