Thanks to vulnerabilities found in the systems of hacker groups specializing in extortion, six companies avoided paying significant sums to attackers. Two organizations received keys to restore their encrypted data for free, and four cryptocurrency companies were warned in time of attacks being prepared against them.
Vangelis Fund, a security researcher and the chief technology officer of Atropos.ai, conducted a large-scale study of the management servers of more than 100 groups engaged in extortion and data leaks. The aim of the project was to identify vulnerabilities that could reveal information about the hackers themselves and about their potential victims.
In the course of the study, Vangelis Fund discovered a number of critical vulnerabilities in the web panels of at least three hacker groups, which gave access to the internal workings of their operations. Although cybercriminals usually hide their activity on the darknet, coding errors and security shortcomings on their data-leak sites gave the researcher unauthorized access to confidential information. In some cases these vulnerabilities exposed the IP addresses of the servers, which could potentially help determine their real location.
Among the problems found: the EVEREST group used a default password for access to its SQL databases, and exposed API endpoints made it possible to track the targets of the Blackcat group in real time. Vangelis Fund also discovered a vulnerability that gave him access to all of the Mallox group's administrator reports, through which he was able to obtain two decryption keys that were passed on to the affected companies.
Although Vangelis Fund did not name the companies, he said that two of them were small businesses and the remaining four were cryptocurrency companies, including two valued at more than a billion dollars. Notably, none of the companies publicly reported the incidents.
This study shows that even cybercrime groups are vulnerable to elementary security mistakes. That opens up new avenues in the fight against extortionists and in preventing their illegal enrichment, even as official bodies such as the FBI continue to advise victims of cyberattacks not to give in to the attackers' demands.