TeamViewer Enabled Hacker To Login And Install Ransomware

Generally I keep my blog strictly about marketing, but due to the spike in activity around TeamViewer in the past 48 hours, I’m going to share my story here. I wrote an article for a publication about 24 hours ago, discussing the TeamViewer website being completely offline and the dozens of hacked account claims on Reddit and Twitter.

“I did have 2-factor authentication [installed]. They got in my PC at 4:50am MT, left at 8:31am. [They] bought about $3k in stuff with my PayPal,” explained one user in an interview with me.

“They also accessed and stripped all my toons in WoW and attempted a character transfer,” he explained. ‘Toons’ is another word for characters. The hackers attempted to take all of his in-game items, which can easily be sold for a large sum of money when the game is as popular as World of Warcraft.

After I went live with the story, TeamViewer ignored my tweets reaching out to them and went directly to my publication, demanding that the article be changed. TeamViewer thought tweets and Reddit posts weren’t enough to mention in an article. My publication contacted me and I was told to change the article.

Since this is my blog, I can share what I know from dealing with TeamViewer for years, what I’ve learned from researching the story for hours, interviewing several victims and my past experiences with TeamViewer’s security.

I do believe that these people are entirely telling the truth and I do believe their story is to be believed.

As for the DDoS attack, it’s a common procedure for hackers to create distractions while they are hacking a website. This gives them more time to get done what they need. The attack doesn’t need to last long either. An hour or two of downtime is plenty to get in and out.

One morning I woke up to a “thank-you for using TeamViewer” session with my background changed to an image that contained a list of instructions. I was to download Tor to get instructions on what to do further. It walked me through a set of screens before I was asked to send bitcoin to the hackers. All of my files were gone.

What the hackers had done was log into my TeamViewer account, then encrypt all of the files on my computer, rendering them useless. I was asked to pay an irreversible, anonymous lump sum of cash in return for my files being unlocked. This virus is called ransomware.

I never paid the money, because in many cases like this, hackers don’t actually come through with their promise. You might send the few hundred dollars and get nothing in return.

This hacker had an upload form where you could send any 2 files and it would decrypt them for you, just to show you that they were able to do it. However, when I tried, that function didn’t work. So I decided to move on. Files on Dropbox were able to be recovered. Luckily, I’m not using my Windows machine much anymore, so most of my important files are on my MacBook, which is closed with no internet connection when I’m not on it.

My personal advice to those using TeamViewer:

  1. Make sure you have two-factor authentication enabled, so that you need the Google Authenticator app when logging in.
  2. Disconnect your computer from the internet when you’re not using it, if possible.
  3. Keep backups of your files.
