The Muhstik Ransomware encrypts files on compromised QNAP systems using AES-256, and adds the extension ".muhstik" to files.
The ransom note "README_FOR_DECRYPT.txt" contains the following text:
All your files have been encrypted.
You can find the steps to decrypt them in any the following links:
http://126.96.36.199/.unlock/payment/[redacted ID] Could go offline at any time
http://188.8.131.52/.unlock/payment/[redacted ID] Could go offline at any time
Or use TOR link, guaranteed Online 100% of the time:
http://5mngytmdpeyyp6xk.onion/payment/[redacted ID]
Use TOR browser to access .onion websites.
https://duckduckgo.com/html?q=tor+browser+how+to
Do NOT remove this file and DO NOT remove last line in this file!
Your ID: [redacted ID]
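
To scope an incident from the indicators above (the ".muhstik" extension, the "README_FOR_DECRYPT.txt" note and its closing "Your ID:" line), the following triage script is an added example; it is not part of the original page and is not the decryptor. The function names, the case-insensitive extension match, the sample directory tree and the ID value EXAMPLE-ID-0001 are assumptions constructed for illustration.

```python
import os
import re
import tempfile

ENCRYPTED_EXT = ".muhstik"               # extension named on this page
NOTE_NAME = "README_FOR_DECRYPT.txt"     # ransom note name from this page
ID_RE = re.compile(r"Your ID:\s*(\S+)")  # note ends with "Your ID: <value>"

def triage(root):
    """Walk root; return (encrypted file paths, {note path: ID or None})."""
    encrypted, notes = [], {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            # Case-insensitive match is an assumption, to catch renamed copies.
            if name.lower().endswith(ENCRYPTED_EXT):
                encrypted.append(path)
            elif name == NOTE_NAME:
                with open(path, "r", errors="replace") as fh:
                    found = ID_RE.findall(fh.read())
                # The ID sits on the note's last line, so keep the last match.
                notes[path] = found[-1] if found else None
    return sorted(encrypted), notes

def summarize(root):
    """Return counts, the distinct IDs seen, and notes whose ID line is gone."""
    encrypted, notes = triage(root)
    return {"encrypted": len(encrypted), "notes": len(notes),
            "ids": {v for v in notes.values() if v},
            "damaged_notes": sorted(p for p, v in notes.items() if v is None)}

def build_sample(root):
    """Constructed sample tree; the ID below is a made-up placeholder."""
    os.makedirs(os.path.join(root, "share", "photos"))
    for rel in (("share", "a.doc.muhstik"), ("share", "photos", "b.jpg.muhstik"),
                ("share", "ok.txt")):
        open(os.path.join(root, *rel), "wb").close()
    with open(os.path.join(root, "share", NOTE_NAME), "w") as fh:
        fh.write("All your files have been encrypted.\nYour ID: EXAMPLE-ID-0001\n")
    with open(os.path.join(root, "share", "photos", NOTE_NAME), "w") as fh:
        fh.write("All your files have been encrypted.\n")  # ID line missing

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(summarize(tmp))
```

Run it against a read-only mount or a copy of the affected share; it only reads file names and note contents and changes nothing.
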
Note: This decryptor is compiled to run on Windows systems. If you are unable to transfer the files to, or access them from, a Windows-based system, you may try the Python script below, which should run on any operating system that supports Python.