Home News Fonix Ransomware Gang Locks Shop and Releases Master Decryption Key

Fonix Ransomware Gang Locks Shop and Releases Master Decryption Key

The operators of Fonix ransomware, infamously known by the names Xinof and FonixCrypter, have suspended operations and released a master decryption key for all its victims.

By
CISOMAG
-
ransomware, fonix, fonix ransomware, Cybereason Partners with Intel for Hardware-Enabled Ransomware Prevention, Kronos

Fonix ransomware, which notoriously seemed to be picking up in the last few months of 2020, has reportedly suspended operations and released a master decryption key for all its victims. Fonix operators had noticeably begun operations in June 2020 only in the wake of the economic crisis; however, it’s unclear if it was due to the pandemic or any personal reasons. The gang is proposing a launch of a malware analysis website and put its abilities to use in “positive ways.”

End of FonixCrypter Project

The operators of Fonix took to Twitter to announce the “End of FonixCrypter Project.” The person who claimed to be one of the admins in the project stated that not all team members were happy with this move and thus, indicated that the source code could be duplicated for future use.

In a separate tweet, the admin shared a link, which has a downloadable RAR file named ‘Fonix_decrypter.rar,’ which contains a decryptor and the master private decryption key, proving that he was indeed serious about shutting shop. However, this decryption tool is not a decryptor that allows victims to get their encrypted files back. Instead, it is an admin tool used by the ransomware gang internally.

Most ransomware operations follow a modus operandi where they ask their victims to send a few encrypted files for decryption as proof that they can indeed decrypt them. The said decryptor does exactly that. It allows the user to decrypt only a few files and not the entire set on the infected computer.

But this dark cloud has a silver lining because experts have found that the generated master keys work. On the other hand, the best news comes from Emsisoft, a cybersecurity firm providing anti-malware and ransomware products. Emsisoft said its decryptor tool effectively decrypts all versions of the ransomware, including [.]Fonix, [.]FONIX, [.]repter, [.]XINOF encrypted file extensions. This means the victims can hope for a solution soon.

Earlier in late 2020, Maze ransomware gang had announced similar suspension of operations.

Read more about that story here – Are We Really Out of the Maze? The Ransomware Gang Announces Retirement

RELATED ARTICLESMORE FROM AUTHOR