TechCrunch reports that half a dozen organizations were spared from millions of ransomware payments due to security issues impacting ransomware operations' web dashboards.
Such vulnerabilities have enabled pre-file encryption warnings to four compromised cryptocurrency entities, as well as granted decryption keys to two other companies, said Atropos.ai Chief Technology Officer and researcher Vangelis Stykas ahead of the study's presentation at this year's Black Hat USA security conference. Aside from the Everest ransomware leveraging default credentials for its back-end SQL databases that compromised its file directors, BlackCat ransomware also had API endpoints revealing its targets while attacks were ongoing, Stykas noted. Meanwhile, Mallox ransomware decryption keys have been obtained by Stykas after compromising the group admin's chat messages through an insecure direct object reference vulnerability. Such findings show the fallibility of ransomware operations, which could be exploited by law enforcement in their crackdown efforts.
