Victims hacked hackers' servers when they were caught paying ransom, rescuing thousands of other victims

Tobias Frömel, a German programmer and a victim of ransom to recover data stolen by hackers. This guy hacked the hackers' own device and helped unlock thousands of other victims of data theft.

Specifically, at the end of September, network-attached storage devices (NASs) manufactured by Taiwan hardware supplier QNAP were attacked with ransomware software called Muhstik. Hackers have encrypted data files and required each victim to pay 0.09 bitcoins, about $ 700 ransom.

After paying the ransom, Frömel analyzed the ransomware to understand how it works. After that, this guy decided to hack the server of the hacker.

Based on the data and information contained in the server, Frömel accessed the PHP script, created a new password and decoded for 2,858 victims who were hacked just like they were stored in the database.

Frömel also published a decoder on the BleepingComputer forum and a Twitter post that all Muhstik victims could use to unlock their files.

Victims hacked hackers' servers when they were caught paying ransom, rescuing thousands of other victims Picture 1

In his announcement, Frömel made it clear that he was not a bad guy and that his actions were not revenge. He knew it was illegal.

Some victims have used Frömel's decoder to decrypt their files themselves and have succeeded. Some even gave Frömel some bitcoins to thank.

A security researcher informed the authorities when he saw Frömel's share. He provided information on the behind hackers' party to the authorities in the hope that they would catch them soon. He added that Frömel's actions helped thousands of victims, making it difficult to be prosecuted even though it was an illegal act. The security researcher also advised Frömel to help the authorities track down the attackers.

Victims hacked hackers' servers when they were caught paying ransom, rescuing thousands of other victims Picture 2

To decode files encrypted by Muhstik, security firm Emsisoft has also released a decoder running on Windows operating systems. Compared to Frömel's way, this decoder has a simpler way of working. You can access the link below to use this decoder if you are a victim of Muhstik.

 https://www.emsisoft.com/ransomware-decryption-tools/muhstik 

1. Just 5 minutes, hackers make 'ATM automatically release money', no password needed, no transaction record on the system
2. New hacker tricks, increasingly more sophisticated, to avoid being exposed