FonixCrypter Ransomware Group Throws in the Towel With MasterKey Release

  • FonixCrypter gave up trying to compete with other RaaS platforms and released the master key.
  • Security experts urge victims to wait for the release of a legitimate decrypter, which shouldn’t take long.
  • Fonix launched in the summer of 2020 but never reached a high level of success.

The FonixCrypter ransomware gang has announced the end of its operations, claimed to have deleted the malware's source code, and released the master RSA key (the private half of the operator keypair) that should decrypt all associated infections. The announcement came through Twitter a few hours ago, and the group promises to follow up with a detailed statement that may explain the exact reasons behind the decision. In short, the team appears to have had second thoughts about how to use its skills.

Not every team member agrees with the decision, though. Some, such as the admin of the group's Telegram channel, are actively trying to scam people and collect whatever money they still can.

An openly shared decrypter could always be a lure used to plant backdoors, but security researchers from Recorded Future have tested the released package and confirmed that the key is indeed the master key, so it can be used to unlock files. You can still reduce the chance of further trouble by waiting for a decrypter from an established security firm, possibly Emsisoft or BitDefender, which shouldn't take more than a week. Whichever tool you use, keep a copy of the encrypted files before running anything against them.

Fonix came into existence in the summer of 2020, so the whole operation didn't last long. Its operators previously specialized in developing binary crypters/packers and leapt into ransomware in pursuit of more money. To attract capable affiliates to the new RaaS platform, Fonix did not take a cut of the ransoms. This brought some growth, but the project never really took off.

The ransomware itself uses a combination of AES, ChaCha, RSA, and Salsa20 to encrypt the victim's files. Because of this mix of algorithms, its encryption process is significantly slower than that of other ransomware strains. The characteristic extension appended to encrypted files is ".XINOF"; the same string is also written as the drive/volume label.
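Why does releasing one RSA key unlock every victim? Lockers that combine a symmetric cipher with RSA normally generate a fresh symmetric key per file, encrypt the content with it, and wrap that key under the operator's RSA public key, which is the only key shipped inside the malware. The wrapped key is stored beside the ciphertext, so whoever holds the matching private key can recover every file key and therefore every file. The following is an added illustration of that general scheme, not FonixCrypter's code or a reconstruction of it; AES-256-GCM stands in for the AES/ChaCha/Salsa20 mix, the function and type names are mine, and the two sample "files" are constructed inline.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Locked is what a hybrid-encryption locker leaves behind for one file.
// Only the operator's RSA public key ever ships with the malware.
type Locked struct {
	WrappedKey []byte // per-file AES key, RSA-OAEP under the operator's public key
	Nonce      []byte // AES-GCM nonce, unique per file
	Ciphertext []byte // AES-256-GCM ciphertext plus authentication tag
}

// GenerateMasterKey produces the operator keypair (illustrative; 2048-bit RSA).
// The private half is the "master key" whose release lets every victim decrypt.
func GenerateMasterKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptFile mimics the locker: fresh random key per file, symmetric encryption
// of the content, and the file key wrapped so only the master private key can
// recover it. The file key is never stored in the clear.
func EncryptFile(pub *rsa.PublicKey, plaintext []byte) (*Locked, error) {
	fileKey := make([]byte, 32) // AES-256
	if _, err := rand.Read(fileKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(fileKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, nil)
	if err != nil {
		return nil, err
	}
	return &Locked{WrappedKey: wrapped, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, nil)}, nil
}

// DecryptFile is what a decrypter built around a released master key does:
// unwrap the per-file key with the RSA private key, then decrypt the content.
func DecryptFile(priv *rsa.PrivateKey, l *Locked) ([]byte, error) {
	fileKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, l.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrap file key: %w", err)
	}
	gcm, err := newGCM(fileKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, l.Nonce, l.Ciphertext, nil)
}

// Demo locks two constructed sample files under one master public key and reports
// whether the master private key recovers both, and whether an unrelated private
// key is rejected (OAEP decryption fails, so the file key is never exposed).
func Demo() (recovered bool, wrongKeyFails bool, err error) {
	master, err := GenerateMasterKey()
	if err != nil {
		return false, false, err
	}
	samples := [][]byte{[]byte("constructed sample: report.docx"), []byte("constructed sample: backup.sql")}
	var locked []*Locked
	for _, s := range samples {
		l, err := EncryptFile(&master.PublicKey, s)
		if err != nil {
			return false, false, err
		}
		locked = append(locked, l)
	}
	recovered = true
	for i, l := range locked {
		got, err := DecryptFile(master, l)
		if err != nil || !bytes.Equal(got, samples[i]) {
			recovered = false
		}
	}
	other, err := GenerateMasterKey() // a different operator's key: must not work
	if err != nil {
		return recovered, false, err
	}
	_, err = DecryptFile(other, locked[0])
	return recovered, err != nil, nil
}

func main() {
	ok, fails, err := Demo()
	fmt.Println("master key recovers all files:", ok, "| unrelated key rejected:", fails, "| err:", err)
}
```

The point of the demo is the asymmetry: a responder who captures a sample gets only the public key and the wrapped file keys, which is why a leaked or released private key is the only cheap route to recovery for every victim at once. A real decrypter also has to parse the locker's on-disk layout (where the wrapped key and nonce are stored, which files were renamed to ".XINOF"), which this illustration leaves out.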

It is likely that the Fonix team wasn't making enough money to justify the risk the operation carried, so they decided to call it a day and launch a white-hat security service instead. Although ransomware infections exploded in 2020, the space remained dominated by a handful of "big players." Among the newcomers, the one that established the strongest foothold was Egregor.
