The FonixCrypter team said it was closed and removed their ransomware source code.
The cybercriminal team behind FonixCrypter ransomware announced today on Twitter that it has removed the ransomware source code and plans to shut down its operations.
As a gesture of interest to past victims, the FonixCrypter team also released a package containing a scripting tool, how to perform instructions, and a key ransomware encryption key.
Previously infected users can use these files to encrypt and restore their files for free without paying a setup key.
Allan Liska, a security researcher for the security intelligence company Receded Future, tested the technology with ZDNet’s application earlier today and confirmed that the FonixCrypter application, instructions, and critical function as advertised.
“The downgrade key provided by the characters under Fonix ransomware looks valid, you think it requires each file to be removed for each encryption,” Lissa told.
“The important thing is to install a master key, which should give the person the ability to create the best encryption tool,” he added.
The best decrypter is currently on the job at Emsisoft and is expected to be released next week, Michael Gillespie, an Emsisoft security detective specializing in ransomware encryption, told earlier today in an online interview.
Users are advised to wait for the Emsisoft decrypter rather than using the one provided by the FonixCrypter team, which may easily contain other malware, such as background, victims may end up installing in their programs.
Before the closure today, the FonixCrypter ransomware criminal gang was active at least in June 2020, according to Andrew Ivanov, a Russian security researcher who has been following the issue of ransomware on his blog for the past four years.
The installation of Ivanov’s FonixCryptter blog shows a history of regular updates of the FonixCrypt code, with at least several different features showing the unique FonixCrypt last year.
While the software source code may not be high, the software was activated and shipped last year, making victims worldwide.
Currently, all indications point to the fact that the FonixCrypter criminal group is committed to its closing plans.
Lissa said the FonixCrypter gang had removed its Telegram channel where they used to advertise ransom to other criminal gangs, but a Rededed Future analyst also revealed that the group had also announced plans to open a new channel soon.
However, the FonixCrypter team did not specify that the new Telegram channel would focus on providing a new and improved version of the software.
According to a message posted on Twitter, the group claims to be planning to move away from the jungle and use their skills “in good ways.” Whatever that means.