Ziggy ransomware developer stops extortion and hands out keys fromencryptionto his victims.
Ransomware Ziggy ransomware shut down its illegal activities and distributed decryption keys to its victims, following concerns by its developer about recent police activity and fears that he would be arrested.
Over the weekend, the administrator of Ziggy Ransomware announced to Telegram that it was shutting down ransomware and sharing all the decryption keys. The same ransomware administrator had previously stated that his team created ransomware to make money while living in a "third world country".
After feeling guilty about his actions and expressing his concerns about recent operations against ransomware Emotet and Netwalker, the administrator decided to stop the blackmail and share all the keys.
So today, the Ziggy ransomware administrator published an SQL file containing 922 decryption keys. For each victim, the SQL file lists three keys required to decrypt the encrypted files their.
The ransomware administrator also posted one decryptor in VirusTotal where victims can use the keys listed in the SQL file.
In addition to the decryption file and SQL, the ransomware administrator shared the source code of a different decryptor that contains the decryption keys for except connecting machines.
Ransomware infections use offline decryption keys to decrypt infected victims when they are not connected to the Internet or could not access the server orders and control.