Tobias Frömel is a Germany-based programmer whose files were encrypted by the Muhstik ransomware. Yes, he is the victim who hacked the hackers back, and it does get a bit confusing. He was hacked and even had to pay the attackers a ransom to get his files decrypted. It did not take long for karma to strike back: the programmer, in turn, released around 3,000 decryption keys along with a free decryption tool. The sad part is that Tobias had already paid the ransom of around €670, in bitcoin. He said he did this to help others who are, or would be, attacked by Muhstik. What he did was break into the ransomware's command and control server and pull the PHP script that generates the passwords for new victims. This hack was a curse for him and a blessing for everybody else. Why? Because he lost his money.
The catch is that the hack was not exactly legal, and Tobias was aware of it. He even highlighted it in his first announcement on the BleepingComputer forum, but urged everyone to understand that he is not the bad guy here.
QNAP devices have been plagued by this ransomware since November 2018, and its operators have found great success by breaking into devices with weak security, encrypting their files and demanding ransoms of around 0.09 BTC (~$700).
According to ZDNet, a security researcher who took note of Tobias' hack-back reported it to the authorities. However, there is a pretty thin chance that Tobias will be prosecuted for his white-hat-style actions.
Regardless, Tobias did break the law here.
He is pretty active on Twitter, informing everybody about his free software, and has since received around $94 in tips.
Muhstik ransomware initially spread by infecting Network Attached Storage (NAS) devices manufactured by Taiwan-based QNAP, and has been reported to have hit around 2,858 devices. The attackers brute-forced their way into devices that used weak passwords for the phpMyAdmin service, which comes built into the devices.
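As an added defender-side illustration of the brute-force pattern described above (example code written for this article, not tooling from QNAP, BleepingComputer or anyone else named here): a small Python script that scans web-server access-log lines for bursts of POST requests to the phpMyAdmin login page from one source address, which is the footprint a password-guessing campaign leaves on a NAS. The log lines are constructed, the RFC 5737 addresses are placeholders, and the login path, threshold and window are assumptions to tune for a real device.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in Apache "combined" style. The addresses come from
# the RFC 5737 documentation ranges and every entry is invented for this example.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2019:09:12:01 +0000] "POST /phpmyadmin/index.php HTTP/1.1" 200 1532 "-" "python-requests/2.22.0"
203.0.113.7 - - [10/Oct/2019:09:12:02 +0000] "POST /phpmyadmin/index.php HTTP/1.1" 200 1532 "-" "python-requests/2.22.0"
203.0.113.7 - - [10/Oct/2019:09:12:03 +0000] "POST /phpmyadmin/index.php HTTP/1.1" 200 1532 "-" "python-requests/2.22.0"
203.0.113.7 - - [10/Oct/2019:09:12:04 +0000] "POST /phpmyadmin/index.php HTTP/1.1" 200 1532 "-" "python-requests/2.22.0"
203.0.113.7 - - [10/Oct/2019:09:12:05 +0000] "POST /phpmyadmin/index.php HTTP/1.1" 200 1532 "-" "python-requests/2.22.0"
203.0.113.7 - - [10/Oct/2019:09:12:06 +0000] "POST /phpmyadmin/index.php HTTP/1.1" 200 1532 "-" "python-requests/2.22.0"
198.51.100.4 - - [10/Oct/2019:09:15:30 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 200 2201 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2019:09:15:41 +0000] "POST /phpmyadmin/index.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2019:09:20:00 +0000] "POST /phpmyadmin/index.php HTTP/1.1" 200 1532 "-" "python-requests/2.22.0"
"""

# Client IP, bracketed timestamp, then the quoted request line and the status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return (ip, timestamp, method, path) for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group('ts'), '%d/%b/%Y:%H:%M:%S %z')
    return m.group('ip'), ts, m.group('method'), m.group('path')


def find_login_bursts(lines, login_path='/phpmyadmin/index.php',
                      threshold=5, window=timedelta(seconds=60)):
    """Flag source IPs that POST to the login page `threshold` or more times
    inside any sliding `window`. Returns {ip: peak attempts seen in one window}.
    The path and the numbers are assumed defaults, not values from any vendor."""
    recent = defaultdict(deque)   # ip -> timestamps of POSTs still inside the window
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, method, path = rec
        # Only login submissions count; a GET of the page is just someone viewing it.
        if method != 'POST' or path.split('?')[0] != login_path:
            continue
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:   # slide the window forward
            q.popleft()
        if len(q) >= threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged


if __name__ == '__main__':
    for ip, n in find_login_bursts(SAMPLE_LOG.splitlines()).items():
        print(f'{ip}: {n} login POSTs within one 60s window')
```

On the constructed input only 203.0.113.7 is flagged: six submissions in six seconds, while its later single POST at 09:20 falls outside the window and does not raise the count. The same sliding-window logic applies to any login endpoint; in practice you would feed it the NAS web-server log and pair it with a lockout or firewall rule for the flagged addresses.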
Ransomware attacks have also been acknowledged by the FBI, which issued a Public Service Announcement discouraging and warning people against paying such ransoms, as payments encourage further campaigns.
Even this hasn't stopped victims from giving in. Recently, a hospital in Alabama, USA, paid a ransom to decrypt files stored on a server infected with Ryuk ransomware. The server was reportedly hacked at the beginning of October.
How do I protect myself from Ransomware?
While all this can be a bit too scary, protecting yourself from such attacks is relatively simple. Some of the steps one can take to protect themselves from ransomware attacks are:
- Update your Windows frequently: While this might seem simple, most people ignore it. Microsoft frequently fixes security holes. WannaCry and NotPetya exploited security holes that Microsoft had already fixed.
- Avoid bloatware and unnecessary software: Every operating system comes with its own set of software that can open up certain network protocols, which may give attackers a way into your system. Even browser extensions can open up vulnerabilities.
- Look out for phishers: The only way to save yourself from phishers is good judgement and an eye for potential threats. Avoid suspicious emails at all costs.
- Keep backups of your files: Do not keep your backups in a shared folder, because a share reachable from an infected machine exposes the backups to the same attack. Instead, consider keeping backups on a physical hard drive and in a cloud backup as well.