Tobias Formel, a German developer, is one of the many victims of ransomware called Muhstik. However, the authors of this malware certainly did not anticipate such a scenario.
Muhstik is one of many ransomware that encrypts files on the victim’s device and demands a ransom in exchange for decrypting them. The ransom amount of this particular ransomware is about $ 700 (0.09 bitcoin).
An unusual scenario
Tobias cared about his files so he paid a ransom, which was about 670 euros ($ 735). He received a decryptor thanks to which he recovered his files. However, he did not stop there. He decided to fight back. As soon as he recovered his files, he used his programming knowledge and analyzed exactly how this malware works. He also hacked into cyber criminals’ servers, stole a database with available decryption keys and published an antidote with a manual how to use it (https://www.bleepingcomputer.com/forums/t/705604/muhstik-qnap-ransomware-muhstik-support-topic/page-9#entry4882035).
Tobias Formel's campaign
Tobias was very involved in the campaign to promote his non pleasent adventure. Acting in spite of cyber criminals, the developer mainly publishes on his Twitter posts discouraging victims from paying ransom and publishes links to download vaccines. Well, cyber criminals certainly did not expect such a scenario. I congratulate Tobias on the idea and activities for the victims (and loss for criminals).