Η ομάδα ανάπτυξης του FonixCrypter ransomware ανακοίνωσε σήμερα στο Twitter ότι διέγραψαν τον πηγαίο κώδικα του ransomware και σκοπεύουν να σταματήσουν την λειτουργία του.
As a gesture of goodwill to previous victims, the FonixCrypter gang has released a package containing a decryption tool, instructions, and ransomware master key.
These files can be used by infected users to decrypt and recover their files for free, without having to pay a ransom.
Fonix Ransomware Master RSA Key (Spub.key & Spriv.key) and Sample Decryptor: #Phoenix #ransomware #XINOF #FonixCrypter #close_project #hack #Malware #raas #ransomware_as_a_servicehttps://t.co/JcijzvOKvf
- fnx (@ fnx67482837) -
Allan Liska, a security researcher, tested the decryptor and confirmed that the FonixCrypter application, instructions and master key work as the criminals report.
“The decryption key provided by the hackers behind Fonix ransomware appears to be legitimate, I believeehi from each file to be decrypted separately”, said Liska on ZDNet.
"The important thing is that they released the master key, which enables someone to create a much better decryption tool," he added.
A better cryptographer is currently in Emsisoft projects and is expected to be released next week, said Michael Gillespie, an Emsisoft security researcher.
Users are advised to wait for the Emsisoft decoder instead of using the FonixCrypter developer decryptor. No one can be sure if it contains backdoors.
The FonixCrypter ransomware gang has been active since at least June 2020, according to Andrew Ivanov, a Russian security researcher who has been following ransomware issues on his personal blog for the past four years.
Ivanov's blog post about FonixCrypter presents a history of constant updates to FonixCrypt code, with at least seven different FonixCrypt variants released last year.
