The authors of the FonixCrypter ransomware announced that they had deleted the source code of their malware, and after this FonixCrypter stopped working. Along with this statement, they published a tool for decrypting files, instructions for it, and the malware's master key. As a result, former victims of the ransomware can now recover their data for free.
The FonixCrypter ransomware has been active since at least June 2020. According to information security specialist Andrey Ivanov, the malware was regularly updated, and last year at least seven different variants of FonixCrypter were released.
ZDNet reports that analysts at Recorded Future have already tested the decryptor and confirmed that it (and the master key) works properly, just as the attackers explained.
Emsisoft experts are already developing a more advanced decryptor, which is expected to be released this week. For this reason, users are advised not to use the hackers' tool to recover their data.
Although the ransomware worked and made money for its authors, it looks like the hackers really have decided to scale back their operations. For example, the group has already deleted its Telegram channel, where it usually advertised its malware to other criminals.
However, Recorded Future analysts note that the group immediately announced plans to launch a new channel in the near future. It is unknown whether this new channel will be centered around some new malware. According to a message posted on Twitter, the hackers plan to quit ransomware and will allegedly use their abilities exclusively “in a positive way.”
Let me remind you that I also talked about the fact that the Dharma ransomware source code was put up for sale.