Ransomware Victim Does a Tit-for-Tat and Hacks the Hacker

Call it an act of bittersweet revenge. A victim of the Muhstik ransomware attack, who had to pay the hackers to release his data, struck back by hacking them in return, and even released 3,000 decryption keys along with a decryptor tool so that other victims of the ransomware could get their files back.

Towards the latter half of September, attackers targeted publicly exposed QNAP Network Attached Storage (NAS) devices and encrypted the files on them. The ransomware was dubbed “Muhstik” because it appended the .muhstik extension to the files it encrypted. Once the files were encrypted, the attackers would demand 0.09 bitcoins, or approximately $700 USD, to decrypt them. German programmer Tobias Frömel was one of the victims of the attack and had to pay €670 to get his files back.

Frömel found the entire incident demeaning and insulting, and decided to get back at the attacker by hacking the attacker’s command and control server. While looking through the server, he stumbled upon web shells, which gave him access to the PHP script that generates passwords for a new victim.

He then used the same web shell to create a PHP file based on the key generator. Digging deeper, he found decryption keys for 2,858 Muhstik victims stored in the attacker’s database. Frömel, with the support of Bleeping Computer, released the keys and a free decryptor in Bleeping Computer’s Muhstik support and help topic.

Several users have reached out to Bleeping Computer about the key generator and its use. Bleeping Computer also confirmed that the key generator and the decryptor were working perfectly.

Even though what Frömel did may earn him accolades on the moral front, it may not be completely legal. In his original announcement on the Bleeping Computer forum, he asked readers to understand that he’s “not the bad guy here.”

In a similar incident in which attackers got a taste of their own medicine, hours after the terrorist Islamic State (IS) claimed its news site was unhackable, a Muslim hacking collective called Di5s3nSi0N hacked into the network and published a list of almost 2,000 subscribers’ email addresses. This came as a blow to the online caliphate. For the hacker collective, it was just another “Challenge accepted” scenario.

Within three hours of the terrorist wing claiming that its news site Amaq had spruced up its security, the subscribers received an email which read, “We have hacked the full ‘secure’ email list for Amaq”. It added, “Daesh…shall we call you dogs for your crimes or snakes for your cowardice? We are the bugs in your system.”