His developer ransomware Ziggy stops blackmail and distributes the decryption keys to his victims.
Ransomware Ziggy ransomware shut down its illegal activities and distributed decryption keys to its victims, following concerns by its developer about recent police activity and fears that he would be arrested.
During the weekend, Mr Admin of Ziggy Ransomware announced on Telegram that it is shutting down the ransomware and will share all decryption keys. The same ransomware administrator has previously stated that his team created the ransomware to win money, as they live in a "third world country".
After feeling guilty about his actions and expressing his concerns about recent operations against ransomware Emotet and Netwalker, the administrator decided to stop the blackmail and share all the keys.
So today, the administrator of Ziggy ransomware published an SQL file containing 922 decryption keys. For each victim, the SQL file lists three keys required to decrypt their encrypted files.
The ransomware administrator also posted one decryptor in VirusTotal where victims can use the keys listed in the SQL file.
In addition to the decryption file and SQL, the ransomware administrator shared the source code of a different decryptor containing the decryption keys for offline machines.
Ransomware infections use offline decryption keys to decrypt infected victims when they are not connected to the Internet or could not access the command and control server.