FonixCrypter Ransomware Group Throws in the Towel With Master Key Release

  • FonixCrypter gave up trying to compete with other RaaS platforms and released its master key.
  • Security experts urge victims to wait for the release of a legitimate decryptor, which shouldn’t take long.
  • Fonix launched in the summer of 2020 but never reached a high level of success.

The FonixCrypter ransomware gang has announced the end of its operations, claims to have deleted the malware’s source code, and has released the master RSA key (the private half, which is what a decryptor needs) that should be enough to decrypt all associated infections. The announcement came through Twitter a few hours ago, and the group promises to follow up with a detailed statement that may explain the exact reasons behind the decision. In short, the team appears to be having second thoughts about how it should use its skills.

Not every team member agrees with this decision, though; some, such as the admin of the group’s Telegram channel, are still actively trying to scam people and collect whatever money they can.

Although a decryptor handed out openly by a criminal group could just as easily be a vehicle for backdoors, security researchers from Recorded Future have tested the release and confirmed that it is indeed the master key, so it can be used to unlock files. Even so, victims can minimize the chance of further trouble by waiting for a decryptor from a security firm, most likely Emsisoft or Bitdefender, which shouldn’t take more than a week. Whichever tool is used, keep a copy of the encrypted files until the recovered data has been checked, since a buggy or mismatched decryptor can leave files unrecoverable.

Fonix came into existence in the summer of 2020, so the whole operation didn’t last long. Its operators had previously specialized in developing binary crypters/packers and made the leap into ransomware in pursuit of more money. To draw capable affiliates to the new RaaS platform, Fonix didn’t require a cut. This helped the operation grow somewhat, but the project never really took off.

The ransomware itself uses a combination of AES, ChaCha, RSA, and Salsa20 to encrypt the victim’s files. This layering of several ciphers makes the encryption process significantly slower than that of other ransomware strains. The characteristic file extension appended by FonixCrypter is “.XINOF,” which is also the label the malware gives to drives/volumes.
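As an added illustration that is not code from the Fonix operation or from this article: the Go program below models the key hierarchy that makes a single released master key so powerful. The layout is an assumption about the general shape of such schemes (a random per-victim key wrapped under the operator’s master RSA public key, files encrypted under the per-victim key), not a description of Fonix’s actual implementation, which the article does not detail; AES-256-GCM from Go’s standard library stands in for the Salsa20 and ChaCha file ciphers named above, the sample file is constructed, and the `Infection`, `Encrypt` and `Decrypt` names are mine.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Infection is what remains on a victim machine: the per-victim key wrapped
// under the master RSA public key (in practice put in the ransom note) plus
// the encrypted files. No private key material is ever written to disk.
type Infection struct {
	WrappedVictimKey []byte            // RSA-OAEP(masterPub, victimKey)
	Files            map[string][]byte // name -> AES-256-GCM(victimKey, plaintext)
}

func randomBytes(n int) ([]byte, error) {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		return nil, err
	}
	return b, nil
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts with AES-256-GCM and prepends the random nonce.
func seal(key, plaintext []byte) ([]byte, error) {
	aead, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce, err := randomBytes(aead.NonceSize())
	if err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// open reverses seal; a wrong key fails the GCM tag check instead of
// yielding garbage, so a decryptor can tell "wrong key" from "recovered".
func open(key, sealed []byte) ([]byte, error) {
	aead, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < aead.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return aead.Open(nil, sealed[:aead.NonceSize()], sealed[aead.NonceSize():], nil)
}

// Encrypt models the ransomware: only the master *public* key is embedded.
func Encrypt(masterPub *rsa.PublicKey, files map[string][]byte) (*Infection, error) {
	victimKey, err := randomBytes(32)
	if err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, masterPub, victimKey, nil)
	if err != nil {
		return nil, err
	}
	inf := &Infection{WrappedVictimKey: wrapped, Files: map[string][]byte{}}
	for name, plaintext := range files {
		if inf.Files[name], err = seal(victimKey, plaintext); err != nil {
			return nil, err
		}
	}
	return inf, nil
}

// Decrypt models a decryptor built from the released master private key:
// unwrap the victim key, then every file. The same key serves every victim.
func Decrypt(masterPriv *rsa.PrivateKey, inf *Infection) (map[string][]byte, error) {
	victimKey, err := rsa.DecryptOAEP(sha256.New(), nil, masterPriv, inf.WrappedVictimKey, nil)
	if err != nil {
		return nil, fmt.Errorf("master key does not match this infection: %w", err)
	}
	out := make(map[string][]byte, len(inf.Files))
	for name, ct := range inf.Files {
		if out[name], err = open(victimKey, ct); err != nil {
			return nil, fmt.Errorf("%s: %w", name, err)
		}
	}
	return out, nil
}

func main() {
	master, _ := rsa.GenerateKey(rand.Reader, 2048)
	files := map[string][]byte{"notes.txt": []byte("meeting at 10")} // constructed sample
	inf, _ := Encrypt(&master.PublicKey, files)
	got, err := Decrypt(master, inf)
	fmt.Printf("recovered %d file(s), err=%v: %q\n", len(got), err, got["notes.txt"])
}
```

Run it with `go run`. The point to notice is that the malware only ever holds the master public key, so nothing on the victim machine can reverse the encryption, while the master private key unwraps every victim’s key in turn. That is why one released key, rather than thousands of per-victim keys, is enough for a universal decryptor, and why a researcher can verify such a release by checking that it unwraps the blob from a known infection. The GCM tag check is what lets a decryptor distinguish a wrong key from a successful decryption instead of silently overwriting the only copy of a file with garbage.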

It is likely that the Fonix team wasn’t making enough money to justify the risk of getting caught, so it decided to call it a day and launch a white-hat security service instead. Although ransomware infections exploded in 2020, the space remained dominated by a handful of “big players.” Among the newcomers, the one that established the strongest foothold was Egregor.
