Ransomware victim hacks back hackers and publishes decryption keys

Spread the love

Becoming a victim of ransomware is bittersweet. The feeling of powerlessness is especially unpleasant, according to one victim of the Muhstik ransomware. He therefore decided to retaliate by hacking back the hackers himself and placing the keys online.

The German programmer Tobias Frömel has given his own interpretation to the term ‘ethical hacking’. He fell victim to the Muhstik ransomware in September. It focuses on QNAP NAS systems. The ransomware scans the Internet for Internet-connected QNAPs and encrypts all files on them. The makers ask for a relatively modest amount of 0.09 bitcoin, with the current price around 700 euros.

Frömel paid the ransom, but was very disappointed. He decided to retaliate by hacking back the attackers’ command-and-control server. He tells BleepingComputer that the server used web shells, which gave him access to the PHP script that generated the passwords. He was able to use that script himself to generate the decryption keys for 2858 Muhstik victims.

Frömel put the keys to Pastebin and various ransomware victim support forums. Several victims have now said that the keys work.

You might also like
Exit mobile version