The authors of a threat named Muhstick Ransomware have modified their threat slight. However, it still bears a resemblance to the ransomware variants it was based on. The Muhstick Ransomware appears to be a variant of the eCh0raix Ransomware and QNAPCrypt Ransomware. These file-encrypting Trojans all target QNAP NAS (Network Attached Storage) devices. Oftentimes users may store important data or sensitive information on NAS devices as they are perceived as more secure than keeping the data on one’s hard drive commonly.
Once the Muhstick Ransomware infiltrates a NAS device, it will begin encrypting all the information that is stored on it. Next, a ransom note named ‘README_FOR_DECRYPT.txt’ is dropped for the victim to read. As with most ransomware threats, the Muhstick Ransomware authors will ask the victim to pay a significant sum as a ransom fee. Usually, ransomware creators demand the ransom fee to be paid in the shape of Bitcoin, as this helps them keep their anonymity.
Over 2,800 Decryption Keys are Available Freely
Recently, a German developer’s system was infected by the Muhstick Ransomware. It appears that the user had crucial data locked by this ransomware threat and decided it is best to pay up the 670 Euro ransom fee demanded by the attackers. However, the software developer did not stop there. He decided to dedicate some time and effort to studying the Muhstick Ransomware and came across something that ended up helping many other users who had ended up in the same situation. While doing research related to the Muhstick Ransomware, the developer managed to access the attacker’s database, which appeared to be holding all the decryption keys generated for everyone who had fallen victim to them.
The database consisted of over 2,800 decryption keys. Once the keys were collected, the developer uploaded all of them on Pastebin.com and made them publicly available. This means that anyone who has fallen victim to the Muhstick Ransomware can decrypt their data for free. Furthermore, since the Muhstick Ransomware is based on the QNAPCrypt Ransomware and the eCh0raix Ransomware, the decryption keys also can be used by victims of these two data-locking Trojans as well. The software developer in question can be found on Twitter under the handle ‘Battleck.’ This is where you will find how to retrieve your data for free if you have fallen victim to the Muhstick Ransomware.
Ransomware threats are a very serious malware type that may end up leaving all your files unusable. Make sure you download and install an anti-malware application that will keep your system secure and make sure you do not happen to suffer a ransomware attack in the future.