Tobias Frömel was a victim of the Muhstik Ransomware, who paid $735 USD for a decryption key after his NAS device was infected by the malware. With no backups and no known decryption keys that would work for him, Frömel found himself frustrated that he put himself into this position. After he paid the ransom, he did not just sit back and try to better protect himself from the next attack, he took action. Frömel analyzed the malware that was on his device after he paid the ransom, determined how it worked and went after the attacker who hacked him. By “hacking back” against the attacker, Frömel managed to breach the database that the attacker used to store the decryption keys and steal them. Frömel then posted them to Pastebin for anyone to find and use if they have been attacked. Going one step further, Frömel, who goes by “battleck” on Twitter, made it his mission to seek out those attacked by the ransomware and share with them that the keys were now posted publicly. Frömel admitted that he knew what he did was illegal and should not be done by others.
With all the news around COVID-19/Coronavirus, the average person is turning to the internet for