Tobias Frömel is a German software developer who was a victim of the Muhstik ransomware. Frömel initially paid the ransom to decrypt his files, but later decided to get his revenge on the crooks.
The expert hacked the server used by the Muhstik ransomware gang and released the decryption keys for all the victims of the group.
Attackers first get access to the NAS devices through
This ransomware targets network-attached storage (NAS) devices made by Taiwanese hardware vendor QNAP. The gang behind the Muhstik ransomware is brute-forcing QNAP NAS devices that use weak passwords for the built-in
“The Muhstik ransomware is reportedly being used to target QNAP NAS devices. Devices using weak SQL server passwords and running
“We strongly recommend that users act immediately to protect their data from possible malware attacks.
The developer published the 2,858 decryption keys found on the hacked server on Pastebin and clarified that he was aware that hacking back is not legal.
Frömel also published a
In the meantime, Frömel has been busy notifying Muhstik victims on Twitter about the
According to ZDNet, which first reported the news, Frömel notified authorities and also provided information to track down members of the Muhstik gang.
This case highlights the importance of working with the authorization of law enforcement before attempting to hack back.
(SecurityAffairs – Muhstik ransomware, hacking)