The Muhstik Ransomware encrypts files on compromised QNAP systems using AES-256, and adds the extension ".muhstik" to files.
The ransom note "README_FOR_DECRYPT.txt" contains the following text:
All your files have been encrypted.
You can find the steps to decrypt them in any the following links:
http://184.108.40.206/.unlock/payment/[redacted ID] Could go offline at any time
http://220.127.116.11/.unlock/payment/[redacted ID] Could go offline at any time
Or use TOR link, guaranteed Online 100% of the time:
http://5mngytmdpeyyp6xk.onion/payment/[redacted ID] Use TOR browser to access .onion websites.
Do NOT remove this file and DO NOT remove last line in this file!
Your ID: [redacted ID]
*Note: This decryptor is compiled to run on Windows systems. If you are unable to transfer or access the files to a Windows-based system, you may try the below Python script, which should run from any operating system that supports running Python.