Programmer hacks his attacker; releases decryption keys for Mushtik ransomware

“Hey guys, I hacked back this criminal and got the whole database with (Mushtik ransomware) keys.”


The last laugh – it’s something that everyone would like to have. Turns out, a German programmer by the name of Tobias Fromel had it in a very dramatic fashion.


It all started when he was infected by the infamous Mushtik ransomware, which has been used since September to hack publicly exposed network-attached storage (NAS) devices by QNAP, encrypting user files and appending a .mushtik extension.


The attacker demanded 0.09 Bitcoin, approximately 670 euros or $765. Not the best thing to do. Tobias first paid the amount and then went on to hack the attacker’s command and control (C&C) server.

Having gained access, he accessed a PHP script responsible for generating passwords for victims. Using the web shells present, he then created a new PHP file and used it to generate the hardware unique IDs (HWIDs) along with their decryption keys, 2858 to be exact.


Afterward, he shared the entire incident on a support forum for the Mushtik ransomware, attaching links to both the decryption keys and free decryption software.



Tobias’s post on October 7th, 2019


Users have since confirmed that the decryption keys are indeed legitimate.