Ransomware Victim Hacks Attacker in a Revenge Move

Cyber-attack victim Tobias Fromel was able to get back at his attacker by hijacking the attacker's server. This came after Fromel paid a significant amount of money to the hacker following a ransomware attack, reported The Next Web.

A common cyber-attack tactic, ransomware takes victims’ files hostage by encrypting them. Criminals brute-force their way into victims’ devices, encrypt files and charge a ransom fee for decryption software. One such attack cost Fromel $700 in bitcoin (0.09 BTC), as it probably did many other victims.

CryptoNews reported that the malicious software uses a .muhstik extension, earning it the name Muhstik. According to The Next Web, Muhstik “plagued QNAP’s Network Attached Storage (NAS)” toward the end of September.

As revenge, Fromel hacked the attacker’s server and obtained the decryption software and around 3,000 decryption keys. He then distributed the keys and software through various platforms including the BleepingComputer forum and Twitter using the handle “battleck.”

‘Not exactly legal’

The report noted that the revenge hack is “not exactly legal.” Even Fromel acknowledged that the act lacks legal backing in his original announcement on BleepingComputer. However, he also asked forum visitors to realize that he is “not the bad guy” in the situation.

While the white-hat hacker recognized the legal implications, The Next Web said that being penalized for it “seems unlikely.” However, a ZDNet report revealed that a security researcher has notified the authorities regarding Muhstik. It also reminded victims to “work with authorities when hacking back.”

‘Nothing new’

While ransomware is a common strategy among criminals, experts observed that such campaigns are “intensifying lately.” In light of this, the Federal Bureau of Investigation (FBI) released a public service announcement telling the public not to pay ransom fees. This reminder is necessary as paying “could encourage further campaigns.”

Meanwhile, Fromel was only able to recover a small part of the ransom fee he paid. According to CryptoNews, he got back 0.0114 BTC from the total amount of 0.09 BTC given to the criminal.

As of this writing, the white-hat hacker is getting in touch with possible victims of Muhstik. Fellow victims are receiving links to the decryption keys and software through his Twitter account.

However, software company Emsisoft reported that Fromel’s program “didn’t work for victims running ARM-based QNAP devices.” To help with such devices, Emsisoft developed its own decryptor, which is available on Windows.