A security researcher has revealed that six companies were spared from paying hefty ransom demands thanks to rookie security flaws in the web infrastructure used by ransomware gangs. Two of the companies were able to retrieve decryption keys without paying, and four cryptocurrency companies were warned before their files could be encrypted, rare victories for the targeted organizations.
Vangelis Stykas, the Chief Technology Officer at Atropos.ai, embarked on a research project to uncover command and control servers behind over 100 ransomware groups. By identifying vulnerabilities in the web dashboards used by ransomware gangs, Stykas was able to disrupt their operations and potentially expose crucial information about the criminals and their victims.
Ransomware gangs typically operate on the dark web to conceal their identities and activities from authorities. Stykas, however, discovered coding errors in the leak sites these groups use that exposed critical data without requiring authentication, which allowed him to identify IP addresses and potentially trace the physical locations of the gangs' servers.
By exploiting weaknesses such as default passwords, exposed API endpoints, and insecure direct object references, Stykas gathered sensitive information, including decryption keys, which he shared with the affected companies. The victims included small businesses and cryptocurrency companies, among them two unicorns with valuations exceeding $1 billion.
None of the affected companies have publicly disclosed the incidents, though Stykas hinted that he may reveal their names in the future. The research highlights how vulnerable ransomware gangs are to simple security flaws, which opens opportunities for law enforcement to target cybercriminals beyond traditional jurisdictional boundaries.