A cybercrime victim whose QNAP network-attached storage (NAS) device was recently infected with Muhstik ransomware decided to hack back against the attackers, and the effort was rather successful: the victim obtained nearly 3,000 decryption keys for Muhstik ransomware victims and released them for free.
Muhstik ransomware has been targeting publicly exposed QNAP NAS devices since late September. Once the ransomware obtains access to a device, it encrypts all the contents. Victims are shown a note demanding a ransom of 0.09 bitcoins (worth around $700 USD) for the decryption key. One Muhstik victim recently obtained access to the command and control server used by the threat actors. The victim was able to access a PHP script that generates decryption keys for ransomware victims. This allowed the victim to obtain the decryption keys for almost 3,000 other victims. The victim published the decryption keys on Pastebin together with a free decryptor that victims can use to recover their data. The victim stated that he actually paid the ransom before deciding to hack back. He acknowledged that hacking the server “was not legal from me too but he [the attacker] used already hacked servers with several webshells on it… and im not the bad guy here.”
Read more: Muhstik Ransomware Victim Hacks Back, Releases Decryption Keys