
posted by chromas on Thursday October 10 2019, @02:39AM

Muhstik Ransomware Victim Hacks Back, Releases Decryption Keys

Since the end of September, an attacker has been hacking into publicly exposed QNAP NAS devices and encrypting the files on them. This ransomware has been named Muhstik based on the .muhstik extension appended to encrypted files.

The attacker would then demand 0.09 bitcoins, or approximately $700 USD, for a victim to get their files back.

After paying a ransom of €670, a victim named Tobias Frömel said enough is enough, and hacked back the attacker's command and control server.

Frömel told BleepingComputer that the server contained web shells that allowed him to get access to the PHP script that generates passwords for a new victim. The relevant portion of the PHP script from the command and control server that generates a key and inserts it into the database can be seen below.

Frömel told us that he used the same web shell to create a new PHP file based on the key generator and used it to output the HWIDs, which are unique per victim, and decryption keys for the 2,858 Muhstik victims stored in the database.

The HWIDs and their associated decryption keys were then shared with the victims in BleepingComputer's Muhstik support and help topic and with victims on Twitter. This post includes a link to the keys on Pastebin and a free decryptor uploaded to Mega.

  • (Score: 2, Funny) by Anonymous Coward on Thursday October 10 2019, @04:00AM (#905046) (3 children)

    Remember when encryption was illegal? Those were the good old days. When anything stronger than a Caesar cipher would get your ass thrown in prison for espionage. We didn't have ransomware back then. We had lots and lots of harmless viruses though. And Hanson. Mmm, bop.

  • (Score: 0) by Anonymous Coward on Thursday October 10 2019, @04:57AM (#905058)

    Do you believe criminals who have already committed crimes and violated laws will respect the law you refer to?

  • (Score: 0) by Anonymous Coward on Thursday October 10 2019, @01:15PM (#905172) (1 child)

    No. Encryption was never illegal nor could you be arrested for it.

    • (Score: 2) by etherscythe (937) on Friday October 11 2019, @04:30PM (#905874) Journal

      Well, maybe not for possession at home. But I watched Revolution OS (https://www.youtube.com/watch?v=4vW62KqKJ5A) a while back and I seem to remember someone talking about how compiled PGP was export restricted, but the source code wasn't. So you could carry the source code printed out as a book and nobody would care, but take that disk with the actual program code and you'd be in big prison trouble. It was nonsensical, but it was still considered to be a state-level weapon.

      --
      "Fake News: anything reported outside of my own personally chosen echo chamber"