Please note that these free tools are provided as-is and without warranty of any kind. The tools may only work with specific ransomware versions, and may not work with versions that were released after a tool was created. Technical support for the tools is available only to customers using a paid Emsisoft product.
The Muhstik Ransomware encrypts files on compromised QNAP systems using AES-256, and adds the extension ".muhstik" to files.
The ransom note "README_FOR_DECRYPT.txt" contains the following text:
All your files have been encrypted.
You can find the steps to decrypt them in any the following links:
http://13.234.89.185/.unlock/payment/[redacted ID] Could go offline at any time
http://51.38.231.30/.unlock/payment/[redacted ID] Could go offline at any time
Or use TOR link, guaranteed Online 100% of the time:
http://5mngytmdpeyyp6xk.onion/payment/[redacted ID] Use TOR browser to access .onion websites.
https://duckduckgo.com/html?q=tor+browser+how+to
Do NOT remove this file and DO NOT remove last line in this file!
Your ID: [redacted ID]
*Note: This decryptor is compiled to run on Windows systems. If you are unable to transfer or access the files to a Windows-based system, you may try the below Python script, which should run from any operating system that supports running Python.
https://download.bleepingcomputer.com/demonslay335/decrypt_muhstik.py