On Sunday, the cybercrime group behind the FonixCrypter ransomware announced on Twitter that they are set to shut down their operation.
The FonixCrypter gang, as a gesture of goodwill towards past victims, has also released a package containing a decryption tool, how-to instructions, and the ransomware’s master decryption key.
These files can be used by previously infected users to decrypt and retrieve their files for free, without needing to pay for a decryption key.
Allan Liska, a security investigator for threat intelligence firm Recorded Future, has verified that the FonixCrypter app, instructions, and master key work as advertised.
“The decryption key provided by the actors behind the Fonix ransomware appears to be legitimate, though it requires each file to be decrypted individually,” Liska said.
“The important thing is that they included the master key, which should enable someone to build a much better decryption tool,” he added.
Before closing down, the FonixCrypter ransomware gang had been active since at least June 2020, according to Andrew Ivanov, a Russian security investigator who’s been tracking ransomware strains on his personal blog for the past four years.