As announced on Twitter, the ransomware gang Fonix Crypter has decided to shut down its ransomware operations and will delete the source code entirely.
According to the gang, it will also release a package comprising decryption tools, the master decryption key, and how-to instructions as a ‘goodwill’ gesture for past ransomware victims.
This means that previously affected victims won’t have to pay for decryption keys and can recover and decrypt their encrypted files.
Security researchers have tested these claims and confirmed that the decryption keys and instructions do, in fact, work as directed.
The master key appears to be authentic and can decrypt each file individually. The master key provided by the hackers also appears to give the opportunity to build better decryption tools and to provide better protection against future cyber crimes and attacks.
Other security researchers have also pointed out that even though the decryption tools work, users should wait for the Emsisoft decrypter rather than use the tools provided by the FonixCrypter group. The gang's package may contain other malware, so users should remain cautious of it.
The FonixCrypter ransomware gang was observed to be active over the past year, releasing more than 6 different versions of FonixCrypt. Even though the ransomware's source code was not top-tier quality, it successfully trapped multiple victims across the globe.
While one cannot be entirely sure of the cybergang’s plans to shut down operations, experts have verified that it has already deleted its Telegram group, which was typically used to advertise the ransomware to other cybergangs. However, the group has also announced plans to open a new channel shortly.
The FonixCrypter gang has yet to specify the purpose of the new channel. Some researchers believe it may be a move to offer a new ransomware variant. If their posting on Twitter is to be believed, they claim they will move past malware activities and use their abilities in “positive ways and help others”.