Whether it is a discount or an inadvertent deduction, getting a refund is always a delight. What is harder to believe is receiving a refund from the one who robbed you. In an unusual scenario, ransomware operators announced that they will refund the ransom payments paid by the victims.
Ziggy, an infamous ransomware group, stated that it is paying back its victims, after the group announced it would cease operations in February 2021. Usually, victims of ransomware attacks pay a ransom to decrypt their critical information or recover stolen data from ransomware operators. The latest announcement from the Ziggy ransomware group is certainly good news for many ransomware victims.
Ziggy’s Shutdown
According to a report, the administrator of the Ziggy ransomware gang felt bad about their cybercriminal actions and decided to publish all the decryption keys to the data they stole. The group released an SQL file with 922 decryption keys that victims could use to decrypt their encrypted data. The group also shared the source code for different decryptor keys that can be used on infected systems that are not connected online.
What do victims need to do for a refund?
The victims of Ziggy ransomware were asked to contact the group admin at [email protected] and send their proof of payment and the computer’s unique ID. The paid ransom will be refunded to the victim’s Bitcoin wallet within two weeks.
Security researcher Shahpasandi said…
To all #Ziggy ransomware victims who paid money: Contact [email protected] for giving your money back. @BleepinComputer @malwrhunterteam @demonslay335 https://t.co/tP0ngMXNyi pic.twitter.com/GNf7icMQiQ
M. Shahpasandi (@M_Shahpasandi), March 28, 2021
Concerns from recent takedowns!
Several industry experts opine that Ziggy ransomware operators are concerned after law enforcement and federal authorities recently disrupted the services of multiple ransomware gangs. In January 2021, authorities across Europe and judicial agencies worldwide disrupted the operations of Emotet, an infamous malware strain that affected multiple organizations over the years. Dubbed “Operation Ladybird,” the internationally coordinated action took control of the Emotet group’s infrastructure.
In a similar move, the infamous Maze ransomware gang that caused chaos and attacked various MNCs, including the IT firm Cognizant, announced its retirement effective November 1, 2020.