The German programmer Tobias Frömel, also known as "battleck", "pushed back" the hackers after an attack on the Muhstik malware, which forces its victims to pay 0.09 Bitcoin (BTC).
In a message posted on October 7 on the forum, Frömel writes on Bleeping Computer that he had himself hacked into the database of his alleged attackers, thus stealing these 3,000 decryption codes and decryption software, which He then provided free of charge to other victims. at.
Revenge is sweet
As Bleeping Computer had previously pointed out, Trojan Muhstik blackmail applied to QNAP NAS devices. As soon as the ransomware software has attacked a device, it asks its owner to transfer a fixed amount of 0.09 Bitcoin, so that the victims can regain access to their data. At the current price level, 0.09 Bitcoin equates to nearly 740 US dollars.
Frömel initially transferred the required amount after his system was previously invaded, after which he hacked the attackers' database. As he told Bleeping Computer, he was able to read 2,858 decryption codes that hackers had stored in their database.
Some Blackmail Trojans have already confirmed on the Bleeping Computer Help Forum that the decryption codes are working and are genuine.
With hindsight, Frömel admits that, although his "setback" is also illegal, he invokes his well-intentioned intentions as justification. Affected users who wish to reward him for their efforts can do so through a specially crafted Bitcoin wallet.
The cybersecurity company Emisoft has created a second decryption software based on Frömel 's work, which is specifically designed for AMR – based QNAP devices, as these could not be included in the program. German.
The threat of ransomware increases
Emisoft had previously released a similar solution for blackmail Bitcoin Trojan WannaCryFake.
As reported by Cointelegraph in August, McAfee Labs, a cybersecurity research firm, found that the number of blackmail cases by Trojans increased 118 percent in the first quarter of 2019.