Bitcoin Ransomware Hacking Victim Hacks The Hackers

Eimantas Žemaitis
Last updated: | 1 min read

A victim of a Muhstik Ransomware attack paid in bitcoin (BTC) to unlock his files just to strike back and hack his hackers. In turn, he released nearly 3,000 decryption keys for other victims, along with free decryption software.

Source: iStock/urbazon

German programmer Tobias Frömel was forced to pay 0.09 BTC (USD 700) after attackers hacked into one of his publicly exposed QNAP Network Attached Storage (NAS) devices and encrypted its files. The ransomware has been named Muhstik due to .muhstik extension affixed on the stolen encrypted data and has been claiming victims for the past few weeks.

The ransomware attacks have been a popular way for many hackers to make money, particularly cryptocurrencies. The Muhstik ransomware found success by breaching into users devices with weak passwords by brute-forcing them.

However, what the hackers didn’t expect was that Frömel is going to hack their command and control server, and retrieve decryption keys of 2,858 Muhstik victims, reported BleepinComputer. As of now, the keys are available publicly for free together with Frömel’s decryption software. Besides, software company Emsisoft has made a Muhstik decryptor for Windows users who fell victim to the ransomware.

Muhstik ransomware form
Frömel’s original post at BleepingComputer forum. Source:

Despite that, so far, the hack doesn’t seem to be a fortunate venture for its initial victim, Tobias. Looking at his provided wallet address, it can be seen that so far, despite the good deed, he only got 0.0114 BTC back, which is still far off the 0.09 BTC that he paid for the hackers.

Learn more: How Crypto YouTuber Scammed a Scammer and Donated the Money to Charity