The bad actors behind the Muhstik ransomware got served by one of their victims, Tobias Frömel, a German programmer. Although Frömel’s revenge was unlawful, he argued that his intentions were not ill. Not only did he hack the attackers’ database, he also shared about 3,000 decryption keys and a free decryptor to help other victims. He said:
I hacked back this criminal and get the whole database with keys…. And yeah, I know it was not legal from me too but he used already hacked servers with several webshells on it… and I’m not the bad guy here.
Previously, Bleeping Computer, a computer help site where Frömel is an employee, revealed that the Muhstik ransomware targeted QNAP NAS devices and demanded about 0.9 bitcoin, i.e., $740, from victims. In return for the ransom, the perpetrators were to give paying victims the decryption keys needed to regain access to their data.
Although Bleeping Computer had to pay the ransom to the hackers, Frömel’s disclosure of the keys means that many other victims of the Muhstik ransomware don’t have to pay the attackers anything to recover their data. They can simply regain access to their data using the key and the decryptor.
However, as Frömel couldn’t help his company Bleeping Computer in time by finding the relevant key, he left a wallet address so that other victims who recovered their data thanks to his efforts could tip him. According to the Bleeping Computer forum, the keys provided by Frömel were accurate and the decryptor he suggested was very helpful.
Victims of the HildaCrypt ransomware also got lucky, as keys that help them get their data back were released last Friday. In addition, anti-virus firm Emsisoft has released decryption software for ARM-based QNAP devices, which are not supported by Frömel’s aforementioned release.
Frömel is not the only one to have thwarted ransomware attackers. A few months ago, ransomware attackers targeting the city of New Bedford were also stopped successfully, and about $5.3 million worth of bitcoin was saved.
At that time, the city authorities offered $400,000 to the attackers, who immediately rejected the offer because it was less than what they had demanded, i.e., $5.3 million. Afterward, the attackers failed to get even a single penny, as the compromised data was restored and retrieved successfully and the attackers lost their bargaining power completely.
Cyber and ransomware attacks in the space have been quite common, especially in 2019. According to reports published by McAfee, there was an increase in crypto-jacking and ransomware attacks. The reports also revealed that several new ransomware families emerged during Q1 of 2019, showing that bad actors used advanced tactics and innovative techniques to target businesses. Apart from the Windows operating system, it was mentioned that even Apple OS was under several cyber attacks.
As bitcoin is a programmed currency, hackers and scammers in the space have been trying various techniques to steal as many digital assets as possible. Although Frömel and New Bedford were quite lucky to escape successfully, businesses in the space should take precautionary measures to prevent cyber and ransomware attacks.