On Sunday, the cybercrime group behind the FonixCrypter ransomware announced on Twitter that they are set to shut down their operation.

The FonixCrypter gang, as a gesture of goodwill towards past victims, has also released a package containing a decryption tool, how-to instructions, and the ransomware’s master decryption key.

These files can be used by previous infected users to decode and retreive their files for free, without needing to pay for a decryption key.

Allan Liska, a security investigator for threat intelligence firm Recorded Future, has verified that the FonixCrypter app, instructions, and master key work as advertised.

“The decryption key provided by the actors behind the Fonix ransomware appears to be legitimate, thought it requires each file to be decrypted individually,” Liska said.

“The important thing is that they included the master key, which should enable someone to build a much better decryption tool,” he added.

Before closing down, the FonixCrypter ransomware gang has been active since at least June 2020, according to Andrew Ivanov, a Russian security investigator who’s been tracking ransomware strains on his personal blog for the past four years.

Related articles

Emotet Botnet Uses New Template for Malicious Attachments
Malware

Emotet Botnet Uses New Template for Malicious Attachments

By CertX
Ransomware Attack: How it works and how it can be prevented
Malware

Ransomware Attack: How it works and how it can be prevented

By CertX
Researchers Discover EvilGnome Backdoor Targeting Linux Systems
Malware

Researchers Discover EvilGnome Backdoor Targeting Linux Systems

By CertX
Malware Sunshuttle purportedly linked to SolarWinds hack
Malware

Malware Sunshuttle purportedly linked to SolarWinds hack

By CertX
Users in Pakistan being Spied on by 5 New Trojanized Android Apps
Malware / Miscellaneous

Users in Pakistan being Spied on by 5 New Trojanized Android Apps

By CertX

Leave a Reply

Your email address will not be published. Required fields are marked *