Is it ever appropriate to hack the hacker who hacked you? That is, is it ever right to hack back in retaliation? I’ll leave that question up to you, but technically it is still illegal. However, in one case a victim-turned-vigilante not only served their own justice but also shared some love with the impacted community.
On October 10, 2019, HackRead released a story about a fellow named Tobias who was infected with the Muhstik ransomware. This is a variant that targets network-attached storage (NAS) devices, such as QNAP. After dishing out the ransom of 670 euros ($738.73 USD), Tobias took it upon himself to follow the breadcrumbs back to the command and control server. There, Tobias was able to gather decryption keys, and he made a decryptor tool. Users simply have to check the ID in their ransom note against Tobias’ dump, then use the corresponding decryption key with the decryptor software.
One thing to note is that the fix targets units with Intel-based processors and not ARM-based processors. A workaround was to back up the encrypted files onto an external drive and try using an Ubuntu system. Many users have reported a successful decryption using the provided tools.
There is an easy solution to ransomware attacks: have multiple sets of backups. NAS devices are not backups; they’re simply storage pools that hold data and offer convenient ways of accessing and managing it. That’s not enough. It is vital to have additional backups, either to the cloud or, preferably, offline. Yes, offline backups. They are manually intensive, so to speak, in that you must plug in external drives, run the backup, then remove the external drives. As convenient as automated backups are, malware can oftentimes detect these attached solutions and spread onto them as well. A good old manual backup, on a regular schedule, will help ensure you have the latest copy of your data ready to go in a time like this. It’s wise to use multiple external drives at that!