FonixCrypter ransomware stopped working and published a key to decrypt data

The authors of the FonixCrypter ransomware announced that they had removed the source code of their malware, after which FonixCrypter stopped operating. Along with this statement, they published a tool for decrypting files, instructions for it, and the malware's master key. As a result, former victims of the ransomware can now recover their data for free.

The FonixCrypter ransomware has been active since at least June 2020. According to information security specialist Andrey Ivanov, the malware was regularly updated, and last year at least seven different variants of FonixCrypt were released.

ZDNet reports that analysts at Recorded Future have already tested the decryptor and confirmed that it (and the master key) works properly, just as the attackers explained.

“The decryption key provided by the authors of the Fonix ransomware seems legitimate, although with its help users will have to decrypt each file separately. However, more importantly, they released a master key that enables them to create a better decryption tool,” said Allan Liska, a security researcher from the Recorded Future threat intelligence firm.

Emsisoft experts are already developing a more advanced decryptor, which is expected to be released this week. For this reason, users are advised not to use the hackers' tool to recover their data.

“Users are advised to wait for the Emsisoft decryptor rather than use the one provided by the FonixCrypter gang. It may still contain malware and backdoors that victims may end up installing on their systems,” recommends Michael Gillespie, an Emsisoft security researcher specializing in breaking ransomware encryption.

Although the ransomware worked and made money for its authors, it looks like the hackers really decided to scale back. For example, the group has already deleted its Telegram channel, where it usually advertised its malware to other criminals.

However, Recorded Future analysts note that the group immediately announced plans to launch a new channel in the near future. It is unknown whether this new channel will be centered around some new malware. According to a message posted on Twitter, the hackers are planning to quit ransomware and will allegedly use their abilities exclusively “in a positive way.”

Let me remind you that I also wrote about the Dharma ransomware source code being put up for sale.

By Vladimir Krasnogolovy
