Stanford student finds glitch in ransomware payment system to save victims $27,000

Jack Cable (center) speaks at a HackerOne conference in 2019 (courtesy of HackerOne).

Share

Written by

The hackers behind a nascent strain of ransomware hit a snag this week when a security researcher found a flaw in the payment system and, he says, helped victims save $27,000 in potential losses.

Stanford University student and security researcher Jack Cable got a call Wednesday from a family friend, who is a doctor, asking for help because cybercriminals had locked the doctor’s computer. The doctor was preparing to pay the ransom when Cable began looking at the hackers’ payment system, according to Cable.

The hackers were demanding 0.01 Bitcoin, or roughly $550 at the time, to unlock the doctor’s files. Cable, who served as a cybersecurity adviser to the Department of Homeland Security during the 2020 election, realized that if he changed one letter from lowercase to uppercase in the “transaction ID” the hackers were using to track payments, the system mistook the input for a victim that had already paid and unlocked the files.

The new strain of ransomware, known as QLocker, has flooded the internet in recent days, targeting network storage systems made by Taiwan-based QNAP Systems. The firm confirmed the ransomware attacks on Thursday, saying it was “urgently working on a solution to remove malware from infected devices.”

Cable took to Twitter late Wednesday asking victims of the ransomware to get in touch so he could help recover their data. He said 50 people from various parts of the world messaged him, and that he was able to get their data back using the same glitch in the hackers’ payment scheme. That prevented some $27,000 in potential victim losses.

The ransomware authors have since fixed the glitch, but Cable’s efforts count as a small yet significant win against a broader scourge of ransomware incidents that has affected countless U.S. businesses and government agencies. 

“It shows that even though we may think of all attackers as being very sophisticated, the reality is that since this is financially motivated, there’s going to be a range of sophistication levels,” Cable told CyberScoop.

Cybercriminals “looking to make a quick buck” are “unlikely to have a robust security team,” Cable pointed out.

The 21-year-old, who made his name by hacking Pentagon software systems as a teenager to make them more secure, said he would continue to look for weaknesses in attacker infrastructure when he had time.  

Ransomware gangs can be “sloppy” in their tradecraft, he added. “To whatever extent we can take advantage of this to reduce the damage can go a long way,” Cable said.

-In this Story-

financial, incident response, ransomware
TwitterFacebookLinkedInRedditGmail