Programmer Hacks Ransomware Crooks, Releases Decryption Keys

A German programmer has released decryption keys for a strain of ransomware after himself falling victim to the malicious code.

Tobias Frömel, a Bavarian developer and web designer, said he paid 670 euros (£598) to the developers of the Muhstik ransomware after he was hacked.

Muhstik targets NAS storage devices made by Taiwan’s QNAP Systems, according to an advisory released by QNAP last week.

The malware tries common passwords on the internet-connected storage devices and, if it gains entry, encrypts the drives’ contents and charges a ransom to decrypt them.

Reverse hack

Frömel said that after recovering from his own attack he located the control servers belonging to the Muhstik gang and carried out a hack of his own to obtain the group’s database of decryption keys.

He released the more than 2,000 keys in a text file on the Pastebin code snippet website, along with a decryption tool.

“I hacked back this criminal and got the whole database (of) keys,” Frömel said in a message posted to the forums of tech help site Bleeping Computer.

He said he was aware it was “not legal” to hack criminals’ systems, but added, “I’m not the bad guy here.”

White hat

Frömel also contacted authorities and provided information about the Muhstik group, according to a security researcher cited by ZDNet.

So-called “white hat” hacking is a controversial practice that exposes those who engage in it to legal action.

However, researchers have found other means to deduce the decryption keys to some other strains of ransomware, with Bitdefender, for instance, publishing a decryption tool for GandCrab, one of the most widespread variants.

QNAP recommended that users take a range of measures to protect themselves from the Muhstik ransomware, including using strong passwords and disabling the phpMyAdmin tool when possible.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Microsoft Granted ‘Mass Market’ Export Licence For Huawei

Sign of a thaw? Huawei will be still be able to utilise Microsoft software after US Dept of Commerce grants…

10 hours ago

Big Data: Ecosystems and Infrastructure

As data proliferates, creating robust, integrated and secure infrastructures is essential for all businesses no matter their size. Understanding how…

10 hours ago

French Hospital Offline After Ransomware Attack

French hospital in Rouen forced to use pen and paper, after ransomware knocked out computers and servers

11 hours ago

Russia Bans Electronic Sales Unless Russian Software Is Pre-installed

Electronic devices such as smartphones, computers and smart televisions must come pre-loaded with Russian-made software

12 hours ago

Xerox Threatens Hostile Takeover After HP Rejects Offer

Xerox has said that HP must respond by 25 November or it will launch a hostile bid, after HP rejected…

1 day ago

Google To Restrict Political Adverts Worldwide

Political adverts that target sections of people will no longer be allowed on Google's platforms worldwide

1 day ago