German programmer Tobias Frömel (aka “battleck”) took revenge on a hacker by hacking back into his system. The perpetrators of Muhstik ransomware forced him to pay 0.09 Bitcoin to help him recover access to his files. Frömel revealed that he attacked the hacker’s database to have his revenge as he shared 3000 decryption keys and a free decryptor with the other victims.
Bleeping Computer revealed previously that publicly exposed QNAP NAS devices are under attack by ransomware dubbed as Muhstik. The attackers were able to collect a “fee” of 0.09 Bitcoin (approximately $740) from victims to recover access to their data with the help of decryption keys.
When Frömel figured out the scam, he decided to take revenge as he had already paid $0.09 BTC to them. He hacked their command and control server to gain access to the decryption keys for almost 3000 Muhstik victims who stored the attacker’s database.
Victims have backed up this move by telling that the decryption keys recovered are accurate and that the decryptor provided is also working perfectly. Frömel agreed that the action he took was illegal, but he argued that the intentions behind this were good. He even offered his Bitcoin wallet address for fellow victims to tip him for his work.
After Frömel’s move, anti-virus firm Emsisoft released its decryption software for victims who were running on ARM-based QNAP devices. Last month, Emsisoft released a free fix for Bitcoin-demanding ransomware, WannaCryFake.