Rise in ransomware attacks exploiting unprotected TeamViewer instances

Cybersecurity researchers at Huntress have found a rise in ransomware attacks exploiting unprotected TeamViewer instances, a commonly used remote access tool. TeamViewer's widespread use in the business sector makes it a prime target for hackers, but the vulnerability is not new; security experts previously warned about the dangers of hackers exploiting weak password practices to spread ransomware via the software.

Huntress provided examples of two recent attacks, both linked to the same threat actor. One attack targeted an in-use endpoint, while the other was aimed at an unattended endpoint. The targeted companies were successful in preventing the attacks. However, the report indicates that successful attacks may have occurred in other places. The attacks may be connected to the LockBit Black builder, a tool leaked over a year ago and used by ransomware groups Bl00dy and Buhti.

In response to these findings, TeamViewer provided security advice, including the use of complex passwords, two-factor authentication, and regular updates. The company blamed unauthorized access on weak default security settings, often due to the use of simple passwords and outdated software. If you still prefer to look for another alternative, you might want to check AnyDesk, RustDesk or Remmina, or take a look at TeamViewer's alternatives page..