Muhstik Ransomware Victim Hacks Back | Avast

After paying his attacker €670, ransomware victim Tobias Frömel sought revenge by hacking into the attacker’s command and control center and generating decryption keys for all the other victims who suffered the same attack. Frömel explained to Bleeping Computer that he was able to pull from the attacker’s server the hardware IDs for each of the 2,858 victims stored in the server’s database, along with each victim’s unique decryption key.

The ransomware is called “Muhstik” because encrypted files get a .muhstik extension. It locks victims out of their files unless they pay a ransom by a given date. Frömel, a German programmer, shared the fruits of his hacking labor on Twitter and Bleeping Computer’s forum, providing victims with their decryption keys as well as a decryptor tool they would also need to restore their files.

Hacking back may have served justice in this case, but it’s not necessarily the right approach for all victims, says Avast Evangelist Luis Corrons. “A better approach might be to contact law enforcement instead of going public,” Corrons says. “Although it could take longer, chances are that the cybercriminals behind ransomware could be charged and arrested.”

*** This is a Security Bloggers Network syndicated blog from Blog | Avast EN authored by Avast Blog. Read the original post at: https://blog.avast.com/muhstic-ransomware-victim-hacks-back-avast