Security bugs in ransomware leak sites helped save six companies from paying hefty ransoms | TechCrunch

A security researcher says six companies were saved from having to pay potentially hefty ransom demands, in part thanks to rookie security flaws found in the web infrastructure used by the ransomware gangs themselves.

Two companies received the decryption keys to unscramble their data without having to pay the cybercriminals a ransom, and four hacked crypto companies were alerted before the ransomware gang could begin encrypting their files, marking rare wins for the targeted victim organizations.

Vangelis Stykas, a security researcher and chief technology officer at Atropos.ai, set out on a research project to identify the command and control servers behind over 100 ransomware and extortion-focused groups and their data leak sites. The aim was to identify flaws that could be used to unmask information about the gangs themselves, including their victims.

Stykas told TechCrunch ahead of his talk at the Black Hat security conference in Las Vegas on Thursday that he found several simple vulnerabilities in the web dashboards used by at least three ransomware gangs, which were enough to compromise the inner workings of the operations themselves.

Ransomware gangs typically hide their identities and operations on the dark web, an anonymous version of the web accessible through the Tor browser, which makes it difficult to identify where the real-world servers used for cyberattacks and storage of stolen data are located.

But coding errors and security bugs in the leak sites, which ransomware gangs use to extort their victims by publishing their stolen files, allowed Stykas to peek inside without having to log in and extract information about each operation. In some cases, the bugs exposed the IP addresses of the leak sites' servers, which could be used to trace their real-world locations.

Some of the bugs include the Everest ransomware gang using a default password for accessing its backend SQL databases and exposing its file directories, and exposed API endpoints that revealed the targets of the BlackCat ransomware gang's attacks while they were in progress.

Stykas said he also used one bug, known as an insecure direct object reference, or IDOR, to cycle through all of the chat messages of a Mallox ransomware administrator, which contained two decryption keys that Stykas then shared with the affected companies.

The researcher told TechCrunch that two of the victims were small businesses and the other four were crypto companies, with two of them considered unicorns, startups with valuations over $1 billion, though he declined to name the companies.

He added that none of the companies he notified has publicly disclosed the security incidents, and he did not rule out disclosing the names of the companies in the future.

The FBI and other government authorities have long advised ransomware victims not to pay the hackers' ransom, so as to prevent the malicious actors from profiting from their cyberattacks. But the advice offers little by way of recourse for companies that need to regain access to their data or cannot otherwise operate their business.

Law enforcement has seen some success in compromising ransomware gangs in order to obtain their bank of decryption keys and starve cybercriminals of their illegal revenue streams, albeit with mixed results.

The research shows that ransomware gangs can be susceptible to many of the same simple security issues as big companies, providing a potential avenue for law enforcement to target criminal hackers that are far out of jurisdictional reach.
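An added illustration, not code from the article or from Stykas's research, of the IDOR class of bug described above: a chat-message lookup that trusts the caller-supplied id, the same lookup with an ownership check, and a log-side check that flags a client successfully reading more distinct ids than a normal session would. The message store, account names, endpoint path and log lines are all constructed for this example.

```python
# Added example: IDOR on a per-account chat store, its fix, and a detection
# check. Every record and log line here is constructed, not real data.
import re
from collections import defaultdict

# Constructed chat store: message id -> (owner account, text)
MESSAGES = {
    101: ("victim-a", "decryption key attached"),
    102: ("victim-b", "payment instructions"),
    103: ("victim-c", "decryption key attached"),
}

def get_message_vulnerable(message_id, requester):
    """IDOR: the id is looked up directly; the requester is never checked."""
    return MESSAGES.get(message_id)

def get_message_fixed(message_id, requester):
    """Authorization check: only the owning account may read a message."""
    record = MESSAGES.get(message_id)
    if record is None or record[0] != requester:
        return None  # same reply for missing and forbidden, so no id oracle
    return record

def count_readable(fetch, requester, id_range):
    """Measure exposure: how many records one requester can read in a range."""
    return sum(1 for i in id_range if fetch(i, requester) is not None)

# Constructed access log: "<client> GET /api/chat/<id> <status>"
SAMPLE_LOG = [
    "10.0.0.5 GET /api/chat/101 200",
    "10.0.0.5 GET /api/chat/102 200",
    "10.0.0.5 GET /api/chat/103 200",
    "10.0.0.5 GET /api/chat/104 200",
    "10.0.0.9 GET /api/chat/102 200",
    "10.0.0.9 GET /api/chat/102 200",
    "10.0.0.9 GET /api/chat/105 403",
]
LOG_LINE = re.compile(r"^(\S+) GET /api/chat/(\d+) (\d{3})$")

def flag_enumeration(log_lines, max_distinct_ids=3):
    """Return clients that successfully read more distinct ids than allowed."""
    seen = defaultdict(set)
    for line in log_lines:
        m = LOG_LINE.match(line)
        if m and m.group(3) == "200":
            seen[m.group(1)].add(int(m.group(2)))
    return sorted(c for c, ids in seen.items() if len(ids) > max_distinct_ids)
```

The threshold in `flag_enumeration` is a constructed value; in practice it would be tuned to how many objects a legitimate session touches.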