Ransomware victim hacks the hackers' server after being forced to pay the ransom, rescuing thousands of other victims
Tobias Frömel, a German programmer, was a ransomware victim who paid a ransom to recover data stolen by hackers. He then hacked the hackers' own server and helped unlock the files of thousands of other victims.
Specifically, at the end of September, network-attached storage (NAS) devices manufactured by Taiwanese hardware supplier QNAP were attacked with ransomware called Muhstik. The hackers encrypted data files and demanded a ransom of 0.09 bitcoin, about $700, from each victim.
After paying the ransom, Frömel analyzed the ransomware to understand how it works. He then decided to hack the hackers' server.
Using the data and information on the server, Frömel accessed the PHP script, created a new password, and decrypted data for the 2,858 victims, hacked just as he had been, who were stored in the database.
Frömel also published a decryptor on the BleepingComputer forum and in a Twitter post so that all Muhstik victims could use it to unlock their files.
In his announcement, Frömel made it clear that he was not a bad guy and that his actions were not revenge. He knew it was illegal.
Some victims have used Frömel's decryptor to decrypt their files themselves and have succeeded. Some even sent Frömel some bitcoin as thanks.
A security researcher informed the authorities when he saw what Frömel had shared. He provided information on the party behind the attacks to the authorities in the hope that they would catch them soon. He added that Frömel's actions helped thousands of victims, making it difficult for him to be prosecuted even though what he did was illegal. The security researcher also advised Frömel to help the authorities track down the attackers.
Security firm Emsisoft has also released a decryptor for files encrypted by Muhstik, which runs on Windows operating systems. Compared to Frömel's method, this decryptor is simpler to use. If you are a victim of Muhstik, you can get it at the link below.
https://www.emsisoft.com/ransomware-decryption-tools/muhstik