We just released a new decryption tool for the Muhstik ransomware strain. You can download the FREE decryption tool linked below. A detailed guide is also included.
Technical details
Muhstik is a strain of ransomware that encrypts files on compromised QNAP systems using AES-256, and adds the extension “.muhstik” to files.
The ransom note “README_FOR_DECRYPT.txt” contains the following text:
All your files have been encrypted.
You can find the steps to decrypt them in any the following links: http://13.234.89.185/.unlock/payment/[redacted ID] Could go offline at any time http://51.38.231.30/.unlock/payment/[redacted ID] Could go offline at any time
Or use TOR link, guaranteed Online 100% of the time: http://5mngytmdpeyyp6xk.onion/payment/[redacted ID] Use TOR browser to access .onion websites. https://duckduckgo.com/html?q=tor+browser+how+to
Do NOT remove this file and DO NOT remove last line in this file!
Your ID: [redacted ID]
Emsisoft Enterprise Security + EDR
Robust and proven endpoint security solution for organizations of all sizes. Start free trialRegardless of what the ransom note might say, our decryption tool can help you recover your files for free. Please get in touch with our support team if you have any questions.