
Ransomware leak site bugs avert ransom demand payments


TechCrunch reports that half a dozen organizations were spared from paying millions in ransoms because of security flaws in ransomware operations' web dashboards.

These vulnerabilities made it possible to warn four compromised cryptocurrency entities before their files were encrypted and to provide decryption keys to two other companies, said Atropos.ai Chief Technology Officer and researcher Vangelis Stykas ahead of presenting the research at this year's Black Hat USA security conference. The Everest ransomware operation used default credentials for its back-end SQL databases, which compromised its file directories, while BlackCat ransomware had API endpoints that revealed its targets while attacks were ongoing, Stykas noted. Stykas also obtained Mallox ransomware decryption keys after compromising the group admin's chat messages through an insecure direct object reference vulnerability. Such findings show the fallibility of ransomware operations, which law enforcement could exploit in its crackdown efforts.
