Saturday, October 16, 2021

FonixCrypter ransomware Shut down and releases the master decryption key

Must Read

CERT report Shows security holes In the Polish education sector

Education associations in Poland are counseled to tighten their security controls following a fresh report highlighted many different openings...

Russia’s Cybercrime has cost $49 bn in 2020

Cyber-attacks have price Russian businesses and taxpayers around 3.6 trillion roubles ($49 billion) this year, the nation's biggest lender...

Why Cybercrime shift from attacks targeting individual systems to attacks targeting entire organizations

The change from attacks targeting human systems to strikes targeting whole associations is pushing up the price of cyberattacks...

The FonixCrypter team said it was closed and removed their ransomware source code.

The cybercriminal team behind FonixCrypter ransomware announced today on Twitter that it has removed the ransomware source code and plans to shut down its operations.

As a gesture of interest to past victims, the FonixCrypter team also released a package containing a scripting tool, how to perform instructions, and a key ransomware encryption key.

Previously infected users can use these files to encrypt and restore their files for free without paying a setup key.

Allan Liska, a security researcher for the security intelligence company Receded Future, tested the technology with ZDNet’s application earlier today and confirmed that the FonixCrypter application, instructions, and critical function as advertised.

“The downgrade key provided by the characters under Fonix ransomware looks valid, you think it requires each file to be removed for each encryption,” Lissa told.

“The important thing is to install a master key, which should give the person the ability to create the best encryption tool,” he added.

The best decrypter is currently on the job at Emsisoft and is expected to be released next week, Michael Gillespie, an Emsisoft security detective specializing in ransomware encryption, told earlier today in an online interview.

Users are advised to wait for the Emsisoft decrypter rather than using the one provided by the FonixCrypter team, which may easily contain other malware, such as background, victims may end up installing in their programs.

Before the closure today, the FonixCrypter ransomware criminal gang was active at least in June 2020, according to Andrew Ivanov, a Russian security researcher who has been following the issue of ransomware on his blog for the past four years.

The installation of Ivanov’s FonixCryptter blog shows a history of regular updates of the FonixCrypt code, with at least several different features showing the unique FonixCrypt last year.

While the software source code may not be high, the software was activated and shipped last year, making victims worldwide.

Currently, all indications point to the fact that the FonixCrypter criminal group is committed to its closing plans.

Lissa said the FonixCrypter gang had removed its Telegram channel where they used to advertise ransom to other criminal gangs, but a Rededed Future analyst also revealed that the group had also announced plans to open a new channel soon.

However, the FonixCrypter team did not specify that the new Telegram channel would focus on providing a new and improved version of the software.

According to a message posted on Twitter, the group claims to be planning to move away from the jungle and use their skills “in good ways.” Whatever that means.

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

Leave a reply

Please enter your comment!
Please enter your name here

Latest News

Unified endpoint management automation software to boost endpoint security

Endpoints are constantly connected to the internet, so they offer a gateway for cyberattacks. Endpoint security is simply the process...

Attackers Using Morse Code in phishing campaign to Evade Detection

Microsoft on Thursday revealed the techniques used by attackers to avoid detection using morse code in the phishing campaign.Microsoft also revealed the workings of...

Murata Manufacturing suffers data breach of employees and customer

Japanese electronic components manufacturer Murata has released an apology Notice for the data breach of thousands of files in June that contained bank account...

Everything about Signalling System 7(SS7)

Signaling System 7 (SS7) is an international telecommunication protocol standard that controls and regulates the network elements in a public switched telephone network (PSTN)....

Zimbra flaw lets attackers access the mail servers

Researchers discovered a flaw in the open-source Zimbra code. As a result, an attacker would gain unrestricted access to all sent and received emails...

More Articles Like This