Friday, July 23, 2021

FonixCrypter ransomware Shut down and releases the master decryption key

Must Read

New Law to Track Down on Fraudulent Foreign Firms Listed in the US

The House of Representatives has passed a new bill designed to stop fraudulent overseas firms listed on US stock...

UK judge Rejects Assange Extradition Request of WikiLeaks founder

The London judge ruled that Julian Assange would be at extreme risk of suicide if he were sent across...

Russia’s Cybercrime has cost $49 bn in 2020

Cyber-attacks have price Russian businesses and taxpayers around 3.6 trillion roubles ($49 billion) this year, the nation's biggest lender...

The FonixCrypter team said it was closed and removed their ransomware source code.

The cybercriminal team behind FonixCrypter ransomware announced today on Twitter that it has removed the ransomware source code and plans to shut down its operations.

As a gesture of interest to past victims, the FonixCrypter team also released a package containing a scripting tool, how to perform instructions, and a key ransomware encryption key.

Previously infected users can use these files to encrypt and restore their files for free without paying a setup key.

Allan Liska, a security researcher for the security intelligence company Receded Future, tested the technology with ZDNet’s application earlier today and confirmed that the FonixCrypter application, instructions, and critical function as advertised.

“The downgrade key provided by the characters under Fonix ransomware looks valid, you think it requires each file to be removed for each encryption,” Lissa told.

“The important thing is to install a master key, which should give the person the ability to create the best encryption tool,” he added.

The best decrypter is currently on the job at Emsisoft and is expected to be released next week, Michael Gillespie, an Emsisoft security detective specializing in ransomware encryption, told earlier today in an online interview.

Users are advised to wait for the Emsisoft decrypter rather than using the one provided by the FonixCrypter team, which may easily contain other malware, such as background, victims may end up installing in their programs.

Before the closure today, the FonixCrypter ransomware criminal gang was active at least in June 2020, according to Andrew Ivanov, a Russian security researcher who has been following the issue of ransomware on his blog for the past four years.

The installation of Ivanov’s FonixCryptter blog shows a history of regular updates of the FonixCrypt code, with at least several different features showing the unique FonixCrypt last year.

While the software source code may not be high, the software was activated and shipped last year, making victims worldwide.

Currently, all indications point to the fact that the FonixCrypter criminal group is committed to its closing plans.

Lissa said the FonixCrypter gang had removed its Telegram channel where they used to advertise ransom to other criminal gangs, but a Rededed Future analyst also revealed that the group had also announced plans to open a new channel soon.

However, the FonixCrypter team did not specify that the new Telegram channel would focus on providing a new and improved version of the software.

According to a message posted on Twitter, the group claims to be planning to move away from the jungle and use their skills “in good ways.” Whatever that means.

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.


Please enter your comment!
Please enter your name here

Latest News

OAIC: Uber found to have interfered with the privacy of over 1.2 million Australians

The Office of the Australian Information Commissioner (OAIC) has determined that Uber Technologies, Inc. and Uber B.V. have interfered...

Over 80 US Municipalities data are exposed due to Misconfigured Amazon S3

A team of Cybersecurity researchers at Wizcase found major data exposure of Over 80 US Municipalities due to the Misconfigured Amazon S3 Bucket. This happened...

Formbook malware Upgraded as an XLoader malware to Attack macOS Systems

Researchers have spotted an upgraded malware variant of Formbook malware which is now Upgraded as an XLoader malware to Attack macOS Systems. Cybersecurity researchers on...

Millions of HP, Samsung, Xerox Printers are Vulnerable to 16 year old bug

A 16-year-old security vulnerability affects Millions of HP, Samsung, Xerox Printers Driver allows attackers to gain admin rights on systems using the vulnerable driver...

MosaicLoader malware targets cracked software via SEO poisoning

New MosaicLoader malware targets users that are searching to download cracked software. Cybercriminals run ad campaigns in search engine results to boost their malicious...

More Articles Like This