Everything you do comes back to you. It’s called karma, and it held true for a hacker who hacked a programmer and got hacked by him in return.
Germany-based programmer Tobias Fromel, who was affected by the Muhstik ransomware, released around 3,000 decryption keys as well as the free decryptor software which he acquired by hacking the hacker behind the ransomware.
Fromel, who paid a ransom of €670 to decrypt his files, said he did this to help others who were attacked by the ransomware. He attacked the ransomware’s command and control server to access the PHP script that generates passwords for new victims.
Speaking to Bleeping Computer, Fromel said he created a new PHP file to output HWIDs and decryption keys.
“I know it was not legal from me,” wrote Fromel in a text file containing the decryption keys that he posted on Pastebin.
According to ZDNet, a security researcher who saw that Fromel had hacked back the hacker for revenge informed the authorities about Fromel as well as the gang operating behind the Muhstik ransomware.
Although what Fromel did is against the law, there is very little chance that he will be prosecuted by the authorities.
Muhstik ransomware started affecting Network-Attached Storage (NAS) devices manufactured by QNAP, a Taiwanese company, in September, and has so far attacked as many as 2,858 devices. The bad actors behind the ransomware used brute-force attacks against devices with weak passwords on the phpMyAdmin service, which comes built into the devices.
After encrypting the target's files, the ransomware demands 0.009 Bitcoin or $700 USD to decrypt them.