Normally it works like this.
Someone gets infected by ransomware, and then they pay the ransom. The victim then licks their wounds and hopefully learns something from the experience.
And that’s what happened to Tobias Frömel, a German developer and web designer who found himself paying a Bitcoin ransom of 670 Euros (US $735) after his QNAP NAS drive was hit by the Muhstik ransomware.
However, Frömel didn’t just put down the whole unpleasant episode to experience, vow to better protect his devices and employ a more reliable backup regime in future.
No, Frömel decided to hack the very people responsible for the attack.
After decrypting his own data, Frömel (who also calls himself “battleck” online) analyzed the ransomware that had infected his NAS drive, determined how it worked, “hacked back” and stole the criminal’s “whole database with keys.”
From the sound of things, whoever was behind the Muhstik attack was more successful at writing ransomware than securing their own database from a web developer.
In a posting on the Bleeping Computer forum, Frömel admitted what he had done and posted a link to a Pastebin page where he had published the stolen keys as well as the decryption software.
“hey guys, good news for you all, bad news for me cause i paid already… maybe someone can give me a tip for my hard work ^^”
Furthermore, in an attempt to do some good–and deprive cybercriminals of income–Frömel has been seeking out Muhstik victims on Twitter and pointing them towards his decryption keys and instructions on how to recover their data.
Although many may feel tempted to applaud what Frömel did, hacking online criminals is not to be recommended. Frömel himself acknowledges that what he did was against the law, although I would be surprised if …
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Graham Cluley. Read the original post at: https://www.tripwire.com/state-of-security/featured/ransomware-victim-hacks-attacker-stealing-decryption-keys/