German Programmer 'Hacks Back' After Bitcoin Ransomware Attack

Published by Cointele

German programmer Tobias Frömel has "hacked back" the perpetrators of the Muhstik ransomware who forced him to pay 0.09 Bitcoin to recover access to his files.

In a Bleeping Computer forum post on Oct. 7, Frömel revealed that he had hacked the attackers' database, sharing almost 3,000 decryption keys and a free decryptor with fellow victims.

Bleeping Computer previously reported that publicly exposed QNAP NAS devices have been targeted by ransomware dubbed Muhstik.

The attackers extorted a fixed "fee" of 0.09 Bitcoin - roughly $740 at press time - from victims to recover access to their data via decryption keys.

Having himself paid €670 to the Muhstik perpetrators, Frömel hacked back their command and control server.

Victims have since confirmed in BleepingComputer's Muhstik support and help forum that the HWIDs are accurate and that the decryptor works.

Having succeeded in his task, Frömel conceded that his action was illegal, but argued that it was well-intentioned.

Since Frömel's work, anti-virus firm Emsisoft has released decryption software for victims running ARM-based QNAP devices, which reportedly were not supported in Frömel's release.

Last month, Emsisoft also released a new free fix for the Bitcoin-demanding ransomware WannaCryFake.

In August, Cointelegraph reported on McAfee Labs' research indicating that ransomware attacks had increased by 118% in the first quarter of 2019.
