“Hey guys, I hacked back this criminal and got the whole database with (Muhstik ransomware) keys.”
The last laugh – it’s something that everyone would like to have. Turns out, a German programmer by the name of Tobias Fromel had it in a very dramatic fashion.
It all started when he was infected by the infamous Muhstik ransomware, which has been used since September to hack publicly exposed network-attached storage (NAS) devices by QNAP, encrypting user files and appending a .muhstik extension.
The attacker demanded 0.09 Bitcoins, approximately 670 Euros or $765. Not the best thing to do. Tobias first paid the amount and then went on to hack the attacker’s command and control (C&C) server.
Having gained access, he found a PHP script responsible for generating passwords for victims. Using the web shells present, he then created a new PHP file and used it to generate the Hardware Unique IDs (HWIDs) and their decryption keys, 2858 to be exact.
Users have since confirmed that the decryption keys are indeed legitimate.