DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Ransomware Propagation Tied to TeamViewer Account

Posted on March 21, 2016 by Dissent

As if you needed another reason to distrust remote access viewers, David Bisson reports:

Researchers have tied the propagation of a new type of ransomware to a TeamViewer user.

TeamViewer is a cross-platform service that enables remote computer access for tech support calls, meetings, and other purposes. It has been installed on more than a billion devices, which makes its potential attack surface quite extensive.

On March 9th, someone posted to the Bleeping Computer forum a thread in which they describe how all of their pictures videos, and PDFs, among other files, have been encrypted and that the “.surprise” extension has been concatenated to every affected filename.

Read more on Tripwire State of Security.

Update: See statement from TeamViewer in Comments section.

Related posts:

  • The Ransomware Superhero of Normal, Illinois
Category: Malware

Post navigation

← Featured Story: Henry Ford Healthcare System: creating a culture of privacy
KY: Ransomware incident at Methodist Hospital in Henderson (update2) →

1 thought on “Ransomware Propagation Tied to TeamViewer Account”

  1. Axel Schmidt says:
    March 22, 2016 at 7:13 am

    To Whom It May Concern,

    In the last couple of days, some reports surfaced which linked some ransomware infections with TeamViewer.  We strongly condemn any criminal activity, however, we can emphasize two aspects:
     
    (1) Up to now, none of the reported cases is based on a TeamViewer security breach
    (2) Some selected steps will help prevent potential abuse
     
    Ad (1.): We looked thoroughly at the cases that were reported to us. According to our investigation, the underlying security issues cannot be attributed to TeamViewer. Thus far we have no evidence that would suggest any potential security breach of TeamViewer that attackers exploit. Furthermore, a man-in-the-middle attack can nearly be excluded because of TeamViewer’s deployed end-to-end encryption. Additionally, we have no reason to believe that a brute-force attack is the origin of the reported infections. TeamViewer exponentially increases the latency between connection attempts. It thus takes as many as 17 hours for 24 attempts. The latency is only reset after successfully entering the correct password. TeamViewer not only has a mechanism in place to protect its customers from attacks from one specific computer but also from multiple computers, known as botnet attacks, that are trying to access one particular TeamViewer-ID.

    Apart from that, we would like to state, that none of the reports currently circulating hint at a structural deficit or a security glitch of TeamViewer.
     
    Careless use is at the bottom of the cases we currently looked at. This particularly includes the use of the same password across multiple user accounts with various suppliers.
     
    With many suppliers – such as TeamViewer – this does not turn out to be a problem, because appropriate security measures are in place to protect the user’s data.  With other suppliers, however, user data is poorly or not at all protected. These suppliers are an easy target for hackers or data thieves who subsequently sell their loot via pertinent portals, or maybe just maliciously publish the user credentials online.
     
    As TeamViewer is a widely spread software, many online criminals attempt to log on with the data of compromised accounts (which they obtained through the aforementioned sources), in order to find out whether there is a corresponding TeamViewer account with the same credentials. If this is the case, chances are they can access all assigned devices, in order to install malware or ransomware. Yet users can protect against this problem. 
     
     
    Ad (2.)  TeamViewer denounces any criminal ploys, and encourages users to protect themselves by adequate counter measures:
     
    • This starts with the download: TeamViewer advises users to only use official TeamViewer channels for the download.
     
    • Additionally, users ought to protect any user account – whether it is with TeamViewer or any another supplier –  by unique and secure passwords.
     
    • Moreover, TeamViewer encourages users to protect their TeamViewer accounts by two factor authentication.   See: http://www.teamviewer.com/en/help/402-How-do-I-activate-deactivate-two-factor-authentication-for-my-TeamViewer-account.aspx
     
    • Finally, users should make sure that their device has not already been infected by viruses, spyware or any other type of malware that hackers may use to access secret or sensitive data. 
     
    The TeamViewer support team is happy to answer any potential technical issues or queries at [email protected].
     
    TeamViewer recommends that users who have been the victim of criminal activities get in touch with their local police departments, in order to report their case. This is particularly important because, TeamViewer is subject to very strict data protection and privacy regulations, and can release sensitive data only to authorized individuals and authorities.

    Best regards,
    Axel Schmidt

    Public Relations Manager

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • National Health Care Fraud Takedown Results in 324 Defendants Charged in Connection with Over $14.6 Billion in Alleged Fraud
  • Swiss Health Foundation Radix Hit by Cyberattack Affecting Federal Data
  • Russian hackers get 7 and 5 years in prison for large-scale cyber attacks with ransomware, over 60 million euros in bitcoins seized
  • Bolton Walk-In Clinic patient data leak locked down (finally!)
  • 50 Customers of French Bank Hit by Insider SIM Swap Scam
  • Ontario health agency atHome ordered to inform 200,000 patients of March data breach
  • Fact-Checking Claims By Cybernews: The 16 Billion Record Data Breach That Wasn’t
  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Trump administration is building a national citizenship data system
  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.