- The next ransomware group to waive the white flag is “Ziggy,” claiming reasons of ethical nature.
- The admin has released all decrypting keys in an SQL file and has also provided a decryptor tool.
- The group states that they only did what they did out of necessity, not out of wickedness.
The Ziggy ransomware group has decided to end its malicious operations, and today, the administrator of the project has posted an SQL file that contains 922 decryption keys. This covers all victims of the particular ransomware strain, giving three keys for each of them, as Ziggy has a three-level encryption process.
Moreover, the hacker has promised to release the source code of the malware soon, for educational purposes. The shared decryptor may be flagged as malicious by some AV engines, but it appears to be clean.
If you want to be sure that you won’t be infected by additional malware, you can wait for a security firm to release a safe decryptor. These are always free, so you just need to be patient for a couple of more days. We can confirm that Michael Gillespie is working on developing a safe decryptor, so we will see something on Emsisoft’s site soon.
BleepingComputer has communicated with the Ziggy ransomware operators, trying to figure out why they are giving up now. As a representative explained, they only started this malicious operation as a way to escape poverty in the third-world country they live in.
Thus, they claim they never stopped feeling bad about their victims and the consequences of their actions. Ethical tribulation is the same reason that allegedly dismantled the FonixCrypter ransomware group, but this may not be the complete story.
The bust of EMOTET and NetWalker actors has sent strong turbulence across the field, as malicious actors realize that no matter where they’re based and how well they think they’re hiding when operating online, the law enforcement authorities could find them.
So, both Ziggy and FonixCrypter may have just given up due to their fear of being caught, not because of feelings of regret. BleepingComputer says the two groups know each other as they are from the same country, so seeing them both out isn't a coincidence.
Whatever the case, the good thing is that all Ziggy victims can now decrypt their files without paying a ransom to the crooks. If you’re going for it right now, make sure to back up your encrypted files and try the decryption on copies, as something going wrong in the process may render them irrecoverable forever.