A safety researcher has prevented serious financial losses for six companies potentially targeted in cyber attacks. Vangelis Stikas, the technical director of Atropos.ai, identified vulnerabilities in the infrastructure of various extortion groups, allowing him to infiltrate the hackers and assist the companies. Thanks to simple yet critical mistakes in the hackers’ code, two organizations were provided with decryption keys without having to pay the ransom, and four cryptocurrency companies were warned about imminent attacks before their data could be encrypted.
Stikas conducted a study focusing on servers utilized by over 100 extortion and data leak groups. His research uncovered severe vulnerabilities in web interfaces used by at least three extortionist groups, enabling access to valuable data on their operations. Examples of the flaws included the use of default passwords to access SQL databases and unprotected API interfaces that exposed the target goals of specific hacker groups.
By exploiting an IDOR vulnerability, Stikas gained access to all messages in the Chat administrator of a hacker group and obtained two decryption keys, which he subsequently shared with the affected companies. The entities affected ranged from small enterprises to large cryptocurrency companies with a combined valuation exceeding a billion dollars. Despite this, affected companies have not yet publicly disclosed the incidents, though Stikas has not ruled out the possibility of their names being revealed in the future.
However, Stikas has also experienced negative ramifications from his work. Over the past two years, he has received notifications from Google indicating that government hackers have taken an interest in him, potentially due to his actions against cybercriminals. Stikas emphasized that while attacks on extortion sites can yield results, this method may not be the most effective for combatting cybercrime, as it would likely require substantial resources, making it more suitable for governments or large companies. Stikas estimates that he spent approximately 100 hours of his free time on these attacks.