The ransomware developer Ziggy stops blackmail and distributes decryption keys to its victims.
Ransomware Ziggy ransomware shut down its illegal activities and distributed decryption keys to its victims, following concerns by its developer about recent police activity and fears that he would be arrested.
Over the weekend, the administrator of Ziggy Ransomware announced to Telegram that it was shutting down ransomware and sharing all the decryption keys. The same ransomware administrator had previously stated that his team created ransomware to make money while living in a "third world country".
After feeling guilty about his actions and expressing his concerns about the recent businesses against ransomware Emotet and Netwalker, the administrator decided to stop the blackmail and share all the keys.
So today, the administrator of Ziggy ransomware posted one archive SQL containing 922 decryption keys. For each victim, the SQL file lists three keys needed to decrypt their encrypted files.
The ransomware administrator also posted one decryptor in VirusTotal where victims can use the keys listed in the SQL file.
In addition to the decryption file and SQL, the ransomware administrator shared the source code of a different decryptor containing the decryption keys for offline machines.
Ransomware infections use offline decryption keys to decrypt infected victims when they are not connected to the Internet or could not access the command and control server.