Programmer Hacks Ransomware Crooks, Releases Decryption Keys

A German programmer has released decryption keys for a strain of ransomware after himself falling victim to the malicious code.

Tobias Frömel, a Bavarian developer and web designer, said he paid 670 euros (£598) to the developers of the Muhstik ransomware after he was hacked.

Muhstik targets NAS storage devices made by Taiwan’s QNAP Systems, according to an advisory released by QNAP last week.

The malware tries common passwords on the internet-connected storage devices and, if it gains entry, encrypts the drives’ contents and charges a ransom to decrypt them.

Reverse hack

Frömel said that after recovering from his own attack he located the control servers belonging to the Muhstik gang and carried out a hack of his own to obtain the group’s database of decryption keys.

He released the more than 2,000 keys in a text file on the Pastebin code snippet website, along with a decryption tool.

“I hacked back this criminal and got the whole database (of) keys,” Frömel said in a message posted to the forums of tech help site Bleeping Computer.

He said he was aware it was “not legal” to hack criminals’ systems, but added, “I’m not the bad guy here.”

White hat

Frömel also contacted authorities and provided information about the Muhstik group, according to a security researcher cited by ZDNet.

So-called “white hat” hacking is a controversial practice that exposes those who engage in it to legal action.

However, researchers have found other means of deducing the decryption keys for some other strains of ransomware. Bitdefender, for instance, has published a decryption tool for GandCrab, one of the most widespread variants.

QNAP recommended that users take a range of measures to protect themselves from the Muhstik ransomware, including using strong passwords and disabling the phpMyAdmin tool when possible.

Matthew Broersma

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDNet and other leading publications.
