German Programmer Hacked Bitcoin Ransomware Server in Response to Attack
A German programmer hacked the bitcoin ransomware distributor server Muhstik after paying 0.09 BTC to restore access to files. Tobias Fromel (nickname battleck) wrote a message on the Bleeping Computer forum telling he managed to get the entire database of encryption keys and a decryptor program, which he posted on the network for 2858 victims of the attacker for free. Fromel agreed that his actions were illegal, but given that the virus distributor used hacked servers, he called himself “not the worst guy” in this situation. He also noted that he had paid € 670 to ransomware to decrypt cryptocurrency files. Providing free tools for decrypting files to victims of the Bitcoin ransomware, Fromel mentioned his BTC wallet for a voluntary reward for the work he did. In a comment on a forum thread dedicated to Muhstik, users confirmed that the computer identifiers (HID) from battleck are correct, and the keys with the decoder work.