German Programmer ‘Hacks Back’ After Bitcoin Ransomware Attack

German programmer Tobias Frömel (aka “battleck”) has “hacked back” the perpetrators of the Muhstik ransomware who forced him to pay 0.09 Bitcoin (BTC) to recover access to his files.

In a Bleeping Computer forum post on Oct. 7, Frömel revealed that he had hacked the attackers’ database, sharing almost 3,000 decryption keys and a free decryptor with fellow victims.

Bleeping Computer previously reported that publicly exposed QNAP NAS devices have been targeted by ransomware dubbed Muhstik. The attackers extorted a fixed “fee” of 0.09 Bitcoin — roughly $740 at press time — from victims to recover access to their data via decryption keys.

Having himself paid €670 to the Muhstik perpetrators, Frömel hacked back into their command and control server. He told Bleeping Computer that he had succeeded in retrieving the unique Hardware IDs (HWIDs) and decryption keys for the 2,858 Muhstik victims stored in the attackers’ database.

Victims have since confirmed in Bleeping Computer’s Muhstik support and help forum that the HWIDs are accurate and that the decryptor works.

Having succeeded in his task, Frömel conceded that his action was illegal, but argued that it was well-intentioned. He also provided a Bitcoin wallet address for fellow victims to tip him for his labor.

Since Frömel’s work, anti-virus firm Emsisoft has released decryption software for victims running ARM-based QNAP devices, which reportedly were not supported in Frömel’s release.
