A security researcher has turned the tables on a handful of ransomware gangs, exposing just how sloppy their web infrastructure really is. Vangelis Stykas followed a trail of rookie mistakes that let him see inside the operations of at least three of these criminal groups, and used what he found to help six companies they had targeted.
The good news: two of those companies received the decryption keys to unscramble their data without paying a ransom, and the remaining four were warned of the impending attack, giving them a chance to act before the gang could strike. That is a rare win for the victim side, and a reminder that the criminals run the same buggy software as everyone else.
Stykas, the chief technology officer at Atropos.ai, set out to identify the command and control servers behind more than 100 ransomware and extortion-focused groups, along with their data leak sites. His aim was to find flaws in that infrastructure that would let him unmask information about the gangs themselves, including who their victims were.
And find them he did. At least three ransomware gangs were using default passwords on their back-end SQL databases, and had left file directories and API endpoints exposed, making it trivial to pull information about each operation. In some cases the bugs even leaked the IP addresses of the servers behind the leak sites. Those sites are normally reachable only as Tor hidden services, so a clearnet IP address points at where the site is actually hosted, a lead that can be followed to a hosting provider and, from there, potentially toward the people running it.
The crown jewel of the research was an insecure direct object reference (IDOR) bug. An IDOR occurs when a server hands back whatever record the client asks for by identifier, without checking that the requester is entitled to that record. Here it let him step through every chat message of a Mallox ransomware administrator simply by walking the message IDs; among those messages were two decryption keys, which he passed on to the affected companies.
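To make the IDOR concrete, here is an added example that is not code from the article, from Stykas' research, or from any ransomware gang's site. It models a negotiation-chat API with sequential integer message IDs, the enumeration loop an attacker would run against it, and the ownership check that closes the hole. The account names, message texts, ID values and the `KEY-X-0000` key format are all constructed for the illustration and are not real Mallox artefacts.

```python
"""
Added example: insecure direct object reference (IDOR) in a chat API.

Models the bug class described above: the server authenticates the caller
but never checks that the caller owns the message it is asked for, so any
authenticated user can walk the ID space and read everyone's messages.
All data below is constructed for illustration only.
"""
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class Message:
    msg_id: int
    owner: str   # account that is allowed to read this message
    body: str


# Constructed sample store. Sequential IDs shared across all accounts are
# what makes enumeration trivial: an attacker just counts upward.
MESSAGES: Dict[int, Message] = {
    100: Message(100, "victim-a", "We paid. Please send the key."),
    101: Message(101, "admin", "key for victim-a: KEY-A-0000"),
    102: Message(102, "victim-b", "How much do you want?"),
    103: Message(103, "admin", "key for victim-b: KEY-B-1111"),
    104: Message(104, "victim-c", "Still negotiating with management."),
}

# Matches the constructed key format used in the sample messages.
KEY_RE = re.compile(r"KEY-[A-Z]-\d{4}")


def get_message_vulnerable(requester: str, msg_id: int) -> Optional[Message]:
    """IDOR: `requester` is assumed to be authenticated upstream, but it is
    never compared against the record's owner, so any ID is served."""
    return MESSAGES.get(msg_id)


def get_message_fixed(requester: str, msg_id: int) -> Optional[Message]:
    """Hardened lookup: the object is returned only to its owner.
    Missing and forbidden records get the same response, so the endpoint
    cannot be used as an oracle for which IDs exist."""
    msg = MESSAGES.get(msg_id)
    if msg is None or msg.owner != requester:
        return None
    return msg


def enumerate_messages(fetch: Callable[[str, int], Optional[Message]],
                       requester: str, start: int, stop: int) -> List[Message]:
    """Walk a range of sequential IDs as the attacker would, using one
    low-privilege account, and keep everything the endpoint hands back."""
    found: List[Message] = []
    for msg_id in range(start, stop):
        msg = fetch(requester, msg_id)
        if msg is not None:
            found.append(msg)
    return found


def extract_keys(messages: List[Message]) -> List[str]:
    """Pull anything that looks like a decryption key out of the bodies."""
    keys: List[str] = []
    for msg in messages:
        keys.extend(KEY_RE.findall(msg.body))
    return keys


if __name__ == "__main__":
    # Attacker holds only the 'victim-a' account and probes IDs 100..109.
    leaked = enumerate_messages(get_message_vulnerable, "victim-a", 100, 110)
    print(f"vulnerable endpoint returned {len(leaked)} messages, "
          f"keys: {extract_keys(leaked)}")
    own = enumerate_messages(get_message_fixed, "victim-a", 100, 110)
    print(f"fixed endpoint returned {len(own)} messages, "
          f"keys: {extract_keys(own)}")
```

The fix is the ownership comparison, not the ID format: switching to random, unguessable identifiers slows enumeration but leaves the access-control bug in place, and any ID that leaks elsewhere (a log line, a referrer, a screenshot) is still served to whoever presents it.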
So which companies benefited from Stykas' research? Two small businesses and four crypto companies, two of them unicorns valued at over $1 billion. As for the ransomware gangs, they got a taste of their own medicine.
The FBI and other government authorities have long advised against paying ransoms, because payment funds further attacks and offers no guarantee that the data will come back. Stykas' research points to another lever: the gangs' own sloppy infrastructure. Ransomware operators are, after all, running web applications, and those applications carry the same default credentials, exposed endpoints and broken access controls found in any other poorly built web app. Whether that can be turned into a reliable way of taking the gangs down is another matter.
But don't hold your breath. The research raises more questions than it answers. Will the six companies ever publicly disclose these incidents? Can law enforcement keep pace with the gangs' changing tactics? And what is the long-term impact of research like this on the wider cybersecurity landscape? Only time will tell.