Surely if both victim and thief have Enom accounts, you just use the same trick to steal the domain back again?
Step 5 of the M group's advisory (linked to in the original article):
(optional) Immediately transfer the domain elsewhere by changing the IPS tag and registrant email address making the domain extremely difficult if not impossible to recover without a manual intervention
Biting the hand that feeds IT
