According to research by Atropos.ai, six companies avoided paying a ransom after a ransomware attack because the attackers' own infrastructure was sloppily built.
According to TechCrunch, a presentation at Black Hat USA showed that ransomware victims can sometimes escape paying because of security flaws the ransomware gangs themselves introduce into their web infrastructure. Atropos.ai researcher Vangelis Stykas examined the command-and-control (C&C) servers of over 100 ransomware and extortion gangs, as well as the leak sites where they publish stolen data. The goal was to find flaws that would reveal more about who these gangs were and who their potential victims were.
Hackers themselves are also vulnerable
The study found that the web infrastructure used by these gangs contained simple security flaws, in particular in the web-based dashboards the gangs use to run their operations.
Although the gangs host their activities on the dark web to hide them, coding errors and security bugs allowed the researcher to observe those activities without logging in. In some cases, the IP addresses of the servers on which the gangs posted stolen data were also exposed; an IP address can in turn be used to narrow down a server's physical location.
The bugs included a default password that the Everest ransomware gang used to access its SQL databases, and exposed file directories and API endpoints belonging to the BlackCat ransomware gang that revealed its targets while attacks were still in progress.
Another bug, an insecure direct object reference (IDOR), allowed the researcher to read all of a Mallox ransomware operator's chat messages. Those messages contained two decryption keys, which Stykas shared with the affected victims so they could recover their data.
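To make the IDOR concrete, here is an added example (written for this article, not code from Atropos.ai or from any gang's dashboard) of a chat-message lookup that trusts a client-supplied message ID, beside a version that checks ownership. The store, message IDs, operator names and message bodies are all constructed for illustration, and the requester is assumed to be already authenticated.

```python
# Added example, not from the article: a minimal chat-message lookup with an
# insecure direct object reference (IDOR) and the hardened version.
# All data below is constructed for illustration.
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class Message:
    msg_id: int
    owner: str   # account allowed to read this message (assumed field name)
    body: str


# Constructed sample store with sequential IDs, as a sloppy backend might use.
MESSAGES: Dict[int, Message] = {
    101: Message(101, "operator_a", "constructed message for operator_a"),
    102: Message(102, "operator_b", "constructed message for operator_b"),
}


def get_message_vulnerable(requester: str, msg_id: int) -> Optional[Message]:
    """IDOR: the handler fetches whatever ID the client sends and never
    checks whether the authenticated requester owns that object."""
    return MESSAGES.get(msg_id)


def get_message_secure(requester: str, msg_id: int) -> Optional[Message]:
    """Fix: authorize every object access against the requester. Returning
    None for both 'missing' and 'not yours' avoids leaking which IDs exist."""
    msg = MESSAGES.get(msg_id)
    if msg is None or msg.owner != requester:
        return None
    return msg


def enumerate_ids(
    requester: str,
    lookup: Callable[[str, int], Optional[Message]],
    start: int,
    stop: int,
) -> List[int]:
    """Walk a range of IDs the way an attacker would and report which ones
    the given handler returns to this requester."""
    return [i for i in range(start, stop) if lookup(requester, i) is not None]


if __name__ == "__main__":
    print("vulnerable:", enumerate_ids("operator_a", get_message_vulnerable, 100, 105))
    print("secure:    ", enumerate_ids("operator_a", get_message_secure, 100, 105))
```

Running the block shows the vulnerable handler handing `operator_a` both messages, including `operator_b`'s, while the hardened handler only returns message 101. The same pattern applies to any endpoint that takes an object ID from the request: the authorization check has to happen per object, not only at login.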
Companies got data back
Ultimately, these discoveries enabled two smaller companies to decrypt their data before they had to pay. Four other crypto companies were warned before the ransomware gangs could encrypt their files.
The findings may give authorities more opportunities to disrupt ransomware gangs before they can launch their attacks. They also show that the attackers are just as vulnerable as their victims, and often in the same ways.
Also read: HardBit 4.0 ransomware offers another level of criminal service