A ransomware victim that paid Bitcoin to unlock his files has enacted sweet vengeance on his attackers, by hacking them right back.
As part of his retaliation, German programmer Tobias Frömel (aka “battleck”) released almost 3,000 decryption keys to assist others hit by the Muhstik ransomware, alongside free decryption software, BleepingComputer reports.
The thing is, this revenge-hack wasn’t exactly legal. Frömel highlighted this in his original announcement on the BleepingComputer forum yesterday morning, but urged readers to understand that he’s “not the bad guy here.”
The Muhstik ransomware hackers have plagued QNAP’s Network Attached Storage (NAS) devices since the end of September.
They’ve found success by brute-forcing their way into devices with weak passwords, encrypting files and demanding 0.09 BTC ($700) of their victims to unlock them.
As for Frömel, though, it seems unlikely he’ll suffer any ramifications, but a ZDNet report indicates that at least one security researcher has made authorities aware of the situation.
Still, he’s on Twitter notifying other victims that his decryption software is available for free. So far, Frömel has received two tips for his efforts, worth a combined 0.01148348 BTC ($94).
Ransomware attacks are nothing new, but they have been intensifying lately. The FBI even recently shared a public service announcement warning against paying to restore files as it could encourage further campaigns.
Although, this hasn’t stopped victims from giving in. Three hospitals in Alabama recently paid the hackers behind the Ryuk ransomware to unlock compromised systems which had been infected at the start of October.
You can read up on how to protect yourself against ransomware here .
Update 15:55 UTC, October 8: Anti-virus firm Emsisoft has since contacted Hard Fork to say that the decryption software that was released didn’t work for victims running ARM-based QNAP devices.
For those victims running such devices (as well as those that may prefer to safely run software created by Emsisoft, rather than Frömel’s), the company has created its own Muhstik decryption tool.
It can be found here .
Want more Hard Fork? Join us in Amsterdam on October 15-17 to discuss blockchain and cryptocurrency with leading experts.
US state regulator slaps ‘fraudulent’ ICOs with cease and desist orders
A US state regulator is cracking down on two New Jersey-based initial coin offerings ( ICO ) offering “fraudulent unregistered securities .”
The Bureau of Securities issued emergency cease and desist orders as part of “Operation Cryptosweep” – an international crackdown on fraudulent ICOs and cryptocurrency -related investment schemes – against Zoptax LLC (also known as Zoptax) and Unocall.
“Today’s action demonstrates that our Bureau of Securities stands ready to enforce our investor protection laws in cases involving initial coin offerings and cryptocurrency -related investment schemes,” said Attorney General Gurbir S. Grewal.
“As innovation in the online cryptocurrency -related investment market continues, market players need to understand that the rules still apply to them,” he added.
According to the Bureau, Zoptax was offering investors unregistered securities through its website in the form of an ICO and using a cryptocurrency called Zoptax Coins . It was also looking to raise between $500,000 and $3.4 million through its ICO .
Unocall was looking to launch an ICO of its Unocall token, and offering customers the opportunity to purportedly earn a guaranteed interest of “0.18 – 0.88percent” per day.
It was looking to build an ecosystem which would offer users the chance to buy and trade Unocall tokens, altcoins, and fiat currencies through their UNOpay Mobile Wallet.
The taskforce, which was first set up in April 2018, has so far launched more than 130 new investigations of ICOs and cryptocurrency -related investment products and completed 35 enforcement actions.
This is a stark reminder that, although regulators are facing a tough job when it comes to controlling what happens in the cryptocurrency market , they do often rise up to the challenge .
ABN AMRO isn’t making a Bitcoin wallet – but it might
There are a multitude of options when it comes to deciding where and how to store your cryptocurrency and the security keys that make it all possible.
You could store your coins in hardware wallets, software wallets , on the exchange you bought them from, or use some other custodial service to look after them for you. All have their pros and cons , but with Dutch bank, ABN AMRO‘s latest news, there looks to be a new kid on the block.
Earlier this week, ABN AMRO appeared to confirm via Twitter that it’s running a trial of a new cryptocurrency wallet with 500 select customers. The wallet, called “Wallie,” is said to offer a digital asset storage tool as part of ABN AMRO’s run-of-the-mill online banking portal.
According to imagery shared on Twitter , the trial will offer customers the opportunity to test the wallet which promises an easy and familiar way to manage your Bitcoin.
It seems Bitcoin is the only coin supported at the moment.
Credit: Lekker Cryptisch
However this isn’t entirely the case. The email that was sent to customers was to gauge interest and opinion on whether they even want a Bitocin wallet, and if so, what features it should have. The images being shared on Twitter are just mock ups.
“Earlier this month, ABN AMRO asked 500 clients via email whether they would be interested in a [Bitcoin] wallet. If so, they could follow a link in the email to a mock up design and answers questions about what features the bitcoin wallet should have, should we decide to design one,” an ABN AMRO spokesperson told Hard Fork. “So this is one of our ways to engage with clients and find out what kind of services they want.”
Despite the obvious fanfare surrounding the possible release of an official bank supported Bitcoin wallet, the ABN AMRO spokesperson made it clear to Hard Fork that “t here is no actual bitcoin wallet to be tested, not even a beta version.”
Indeed, according to further Tweets , ABN AMRO confirmed that it has rolled out the trial to investigate and understand what role it should be playing the cryptocurrency world. The bank is currently in talks with financial regulators, the Autoriteit Financiële Markten (AFM) and De Nederlandsche Bank (DNB), to understand what it is that customers need from banks in relation to cryptocurrencies.
Some outlets also reported that ABN AMRO would be offering €6,000 ($6,800) worth of insurance against any digital assets held in the wallet. When asked, ABN AMRO’s spokesperson was unable to comment and clarify this any further.
So let’s all take a step back for a moment. Depending on how this trial inquiry goes, we might not even get a real life “Wallie”. However, it’s a positive sign that the bank is moving cautiously to carefully consider what its role should be in a future filled with cryptocurrencies.
A change of tone?
This news might mark the beginning of a change of tone from ABN, which has historically been very apprehensive of Bitcoin and other cryptocurrencies.
Of course, when any bank starts flexing its corporate muscle in the world of cryptocurrencies it’s going to divide the community. “Not your keys, not your coins” is a common retort you’ll hear in retaliation to this news.
Indeed, how you store your cryptocurrency is a contentious issue. It’s fraught with technological, moral, and ideological dilemmas.
If you buy into cryptocurrency because you disagree with the way banks operate and the governmental control over fiat money, then having your private keys stored in a bank probably isn’t for you. But I bet you have some fiat in a bank right now. So why should storing some cryptocurrency in a bank be any different.
That said, if you decide to hold your cryptocurrency yourself you are also responsible for its keys. Lose the seed phrase, you lose your coins. There’s the possibility that your house burns down and takes all your cryptocurrency with it.
For some people, keeping your cryptocurrency in a bank, potentially protected by some insurance is the safest bet. Of course in this case we’d also want to see regulations that support the customer and their right to control the funds as they please.