Emsisoft releases new decryptor for Muhstik ransomware

Muhstik Decryptor

We just released a new decryption tool for the Muhstik ransomware strain. You can download the FREE decryption tool linked below. A detailed guide is also included.

Emsisoft Decryptor for Muhstik

Emsisoft Decryptor for Muhstik

Technical details

Muhstik is a strain of ransomware that encrypts files on compromised QNAP systems using AES-256, and adds the extension “.muhstik” to files.

The ransom note “README_FOR_DECRYPT.txt” contains the following text:

All your files have been encrypted.

You can find the steps to decrypt them in any the following links: http://13.234.89.185/.unlock/payment/[redacted ID] Could go offline at any time http://51.38.231.30/.unlock/payment/[redacted ID] Could go offline at any time

Or use TOR link, guaranteed Online 100% of the time: http://5mngytmdpeyyp6xk.onion/payment/[redacted ID] Use TOR browser to access .onion websites. https://duckduckgo.com/html?q=tor+browser+how+to

Do NOT remove this file and DO NOT remove last line in this file!

Your ID: [redacted ID]

Emsisoft Enterprise Security + EDR

Robust and proven endpoint security solution for organizations of all sizes. Start free trial
Successful decryption of Muhstik

Successful decryption of Muhstik

Regardless of what the ransom note might say, our decryption tool can help you recover your files for free. Please get in touch with our support team if you have any questions.

Senan Conrad

Senan Conrad

Senan specializes in giving readers insight into the constantly and rapidly changing world of cybersecurity. When he’s not tapping away at his keyboard, he enjoys drinking a good coffee or tinkering in his workshop.

What to read next