Image Credits:Samuil Levich / Getty Images
A security researcher says six companies were saved from having to pay potentially hefty ransom demands, in part thanks to rookie security flaws found in the web infrastructure used by the ransomware gangs themselves.
Two companies received the decryption keys to unscramble their data without having to pay the cybercriminals a ransom, and four hacked crypto companies were alerted before the ransomware crews could begin encrypting their files, marking rare wins for the targeted victim organizations.
Vangelis Stykas, a security researcher and chief technology officer at Atropos.ai, set out on a research project to identify the command and control servers behind over 100 ransomware and extortion-focused groups and their data leak sites. The aim was to identify flaws that could be used to uncover information about the gangs themselves, including their victims.
Stykas told TechCrunch ahead of his talk at the Black Hat security conference in Las Vegas on Thursday that he found several simple vulnerabilities in the web dashboards used by at least three ransomware gangs, which were enough to compromise the inner workings of the operations themselves.
Ransomware gangs typically hide their identities and operations on the dark web, an anonymized version of the web accessible through the Tor browser, which makes it difficult to discover where the real-world servers used for cyberattacks and for storing stolen data are located.
But coding errors and security bugs in the leak sites, which ransomware gangs use to extort their victims by publishing their stolen files, allowed Stykas to peek inside without having to log in and to extract data about each operation. In some cases, the bugs exposed the IP addresses of the leak sites' servers, which could be used to identify their real-world locations.
Some of the bugs included the Everest ransomware crew using a default password to access its back-end SQL databases and exposing its file directories, and exposed API endpoints that revealed the targets of the BlackCat ransomware gang's attacks while they were in progress.
Stykas said he also used one bug, known as an insecure direct object reference, or IDOR, to cycle through all of the chat messages of a Mallox ransomware administrator, which contained two decryption keys that Stykas then shared with the affected companies.
The researcher told TechCrunch that two of the victims were small businesses and the other four were crypto companies, with two of them considered unicorns (startups with valuations over $1 billion), though he declined to name the companies.
He added that none of the companies he notified has publicly disclosed the security incidents, and he did not rule out disclosing the names of the companies in the future.
The FBI and other government authorities have long urged victims of ransomware not to pay the hackers' ransom, so as to prevent malicious actors from profiting from their cyberattacks. But the advice offers little by way of recourse for companies that need to regain access to their data or cannot operate their business.
Law enforcement has seen some success in compromising ransomware gangs in order to obtain their banks of decryption keys and starve cybercriminals of their illegal revenue streams, albeit with mixed results.
The research shows that ransomware gangs can be susceptible to many of the same simple security issues as big companies, providing a possible avenue for law enforcement to target criminal hackers who are far out of jurisdictional reach.