TeamViewer has unintentionally become the center of ransomware attacks. Hackers get into company devices via the remote IT management tool.

Huntress explains in a blog how attackers can abuse two endpoints to break into a device via TeamViewer and install ransomware. It is still unclear to what extent this method will be used and how many organizations would be affected. Huntress experts see similarities to previous LockBit hacks without pointing the finger at any group or at all.

It’s no surprise that TeamViewer is a popular target for hackers. The software is often used in corporate IT to remotely manage devices. Therefore, TeamViewer exudes an aura of reliability, so no alarm bells will ring if the software has access to your device. If attackers manage to crack a TeamViewer account, they have free rein.

History repeats itself

It is therefore not the first time that TeamViewer has unintentionally taken on the role of vector in cyberattacks. In 2016 there was already a large-scale campaign in which companies were attacked via the management tool. TeamViewer then stated that there was no vulnerability in its software, meaning that the attackers had managed to obtain users’ login credentials.

In a reply to BleepingComputer, TeamViewer emphasizes that this must also be the case now. TeamViewer recommends that all users create strong passwords, set up two-factor authentication, and perform updates. These simple measures, which we cannot repeat often enough, can make access to your account(s) much more difficult. It shows that securing applications and accounts is at least as important to good security hygiene as protecting physical and virtual endpoints.