Security News

German ransomware victim hacks back

Avast Security News Team, 11 October 2019

Plus, the FBI cautions some cyberattacks can bypass MFA; 37,000 Canadian TransUnion customers may be compromised; and French experts warn of multiple cyber-espionage incidents

After paying his attacker €670, ransomware victim Tobias Frömel sought revenge by hacking into the attacker’s command and control center and generating decryption keys for all the other victims who suffered the same attack. Frömel explained to Bleeping Computer that he was able to pull from the attacker’s server the Hardware IDs for each of the 2,858 victims stored in the server’s database, along with each victim’s unique decrypter key. Called “Muhstik” Ransomware because the encrypted files get a .muhstik extension, the attack locks victims out of their files unless they pay a ransom by a given date. Frömel, a German programmer, shared the fruits of his hacking labor on Twitter and Bleeping Computer’s forum, providing victims with their decryption keys as well as a decryptor tool they would also need to restore their files. Hacking back may have served justice in this case, but it’s not necessarily the right approach for all victims, says Avast Evangelist Luis Corrons. “A better approach might be to contact law enforcement instead of going public,” Corrons says. “Although it could take longer, chances are that the cybercriminals behind ransomware could be charged and arrested.”

This week’s stat 

Companies that reported above-average diversity on their management teams also reported innovation revenue that was 19 percentage points higher than that of companies with below-average leadership diversity. Read Robin Selden on rethinking diversity. 

FBI warns attacks can bypass multi-factor authentication

The FBI warned in a security advisory of the rising threat of cyberattacks that circumvent MFA (multi-factor authentication), ZDNet reported. MFA is an added security layer offered by many online accounts in which users validate their identity through an extra step, such as a PIN sent to their phone or an additional security question to answer. The FBI specifically called out SIM swapping, MFA webpage vulnerabilities, and targeted attacks by credential-stealing phishing tools as the leading methods used by cybercriminals. The FBI said MFA remains a powerful safeguard, and Avast’s Corrons agreed: “MFA is a must, and cybercriminals will first go after the low-hanging fruit of people not using it.” Strong passwords remain a powerful defense before attackers reach the MFA stage of a hack.

This week’s quote

"Low awareness of the problem is a problem, as well. At Avast, we believe people should have more control personally over their data and how it is manipulated." – Avast CEO Ondrej Vlcek on privacy risks related to AI and the IoT.

37,000 Canadians at risk in TransUnion hack 

A hacker used stolen credentials to access the database of Canadian credit agency TransUnion, potentially compromising the personal information of 37,000 customers, the CBC reported. In a statement on Wednesday, the credit agency did not specify the data accessed, but did report that the hack occurred in June and July. Credit check information typically includes names, dates of birth, current and former addresses, credit and loan history, and sometimes social insurance numbers. The attacker breached the company through the Canadian Western Bank’s leasing division. A company spokesman said the investigation is still ongoing and that TransUnion is looking for ways to strengthen its security protocols moving forward. 

French security agency warns of ongoing cyber-espionage

The National Cybersecurity Agency of France has posted several reports detailing cyber-espionage campaigns on a dedicated page and plans to publish more. According to ZDNet, one report identified the targeting of service providers and engineering firms. Another report on the page describes a large-scale phishing campaign stealing login credentials from governments. These and future reports, the agency hopes, will arm French and foreign companies with the technical information they need to prevent and block future attacks.

This week’s ‘must-read’ on The Avast Blog

How do we make sense of the General Data Protection Regulation? Fines have hit private companies, municipalities, political parties, and hospitals. The offenders range from large media companies and banks to a kebab restaurant and a police officer.

