
Admir Aljic

Ransomware victims get revenge, release attack of their own

One victim of a ransomware attack decided to take the old saying “an eye for an eye” literally, hacking the very people who released an attack on his files.

Tobias Frömel was the victim of the Muhstik Ransomware. Frömel found that his files were encrypted, forcing him to pay a ransom of €670 ($734.41).

Since the end of September, this ransomware virus has infected thousands of computers across the globe. The malware specifically targets network-attached storage (NAS) devices made by Taiwanese hardware vendor QNAP. The hackers brute-forced QNAP NAS devices that used weak passwords for the built-in phpMyAdmin service.

The hackers have demanded 0.09 BTC, or approximately $700, as compensation to retrieve the files.

Frömel found himself locked out of his files, thus agreeing to pay the ransom. However, he was not done by any stretch of the imagination. Frömel works as a software developer and decided that he would take his skills and use them to seek revenge.

After paying the ransom, the German software developer began to analyze the ransomware. After closely examining Muhstik, he was able to retrieve the hacker’s database from their very own server. He acknowledged that “it was not legal” for him to have done this, but he didn’t care, concluding that “I’m not the bad guy here.”

After retrieving the database, he created a text file containing 2858 decryption keys for the nearly 3000 victims of this attack and published it online. Victims could use these keys to unlock their files and regain access to them.

He posted this text file on several different outlets, including Twitter, allowing victims to easily discover it. He began the text file by saying, “Hey guys, good news for you all, bad news for me cause I paid already… maybe someone can give me a tip for my hard work.” No word as to whether anyone helped compensate him for the work he had done.

This is the second set of decryption keys that has been released to counteract ransomware. On Friday, the keys for the HildaCrypt Ransomware were also released.
