A Master Decryption Key and Shutdown Announcement Has Been Released By The Fonix Ransomware Admin
The operators behind the Fonix ransomware have announced their shutdown and also have released the master decryption key that would serve the affected ones to recover their encrypted/locked files and documents at zero cost.
Fonix ransomware was first started in June 2020 and has been targeting victims since then, it is also called the FonixCrypter and Xinof. In the beginning, this ransomware was not as active as other ransomwares (such as the Netwalker, STOP, and REvil), but later around November, it picked up the pace.
Yesterday, a user on Twitter, who claimed to be the ransomware’s admin, posted a tweet with a message and a heading that read “End of FonixCrypter Project”.
The containing message stated “I’m one fonix team admins. You know about fonix team but we have come to the conclusion. We should use our abilities in positive ways and help others. Also ransomware source in completely deleted, but some of team members are disagree with closure of the project, like telegram channel admin who trying to scam people in telegram channel by selling fake source and data. Anyway now main admin has decided to put all previous work aside and decrypt all infected systems at no cost. And the decryption key will be available to the public. The final statement of the team will be announced soon. Regards-FonixTeam.”
As the message reads, some members of the operation group weren’t satisfied with it being shut down. This could even lead to the unhappy members getting involved in other ransomware operation groups or detach and create their own team for malicious actions.
The Fonix admin further shared a link to a RAR file named as the “Fonix_decrypter.rar” that contains both the master private decryption key and a decrypter. The decrypter is not an actual decryption tool but it is an admin tool, used by the cybercrime group internally.
Most ransomware tasks permit casualties to send a couple of locked/encrypted records that they will decode for nothing to demonstrate that they can do as such. The decryptor delivered is the Fonix Ransomware administrators tool when playing out these free test decoding and doesn’t permit a casualty to decrypt a whole PC.
In any event, taking into account that it can just decrypt one record at a time, from the trial of the decryptor, it has confounding guidelines and is inclined to crashing. Fortunately, Michael Gillespie has revealed to BleepingComputer that the master keys work yet just on some Fonix ransomware variants.
There is no fixed time concerning when the decryptor will be delivered, however, on the off chance that you are a casualty of this ransomware, an answer will be accessible soon.
If you like this article, follow us on Twitter, Facebook, Instagram, and LinkedIn.
