The creator of the Ziggy ransomware reported that the malware stopped working. And he has published keys to recover encrypted files from victims.
According to reports from the cybercriminal, feelings of remorse and fear of being caught forced the operators of the ransomware Ziggy to cease their activities.As the cybercriminal explained in an interview with the BleepingComputer portal, the lack of money pushed him to create the ransomware program, since he lives in a “third world country”.
However, due to persistent guilt and fears over recent law enforcement operations against the Emotet botnet and NetWalker ransomware, Ziggy operator decided to cease its operations and release a decryptor.
On Sunday, February 7, a cybercriminal posted a SQL file with 922 decryption keys. The SQL file contains three keys for each victim. A decoder for use with these keys has been posted on VirusTotal.
In addition, the Ziggy operator provided information security expert Michael Gillespie with the source code of another decryptor, containing keys for decrypting data offline in case victims do not have access to the Internet or the C&C server is unavailable. Emsisoft plans to publish this decryptor soon.
Recently, the Fonix ransomware operators also decided to curtail their operations. According to them, they are friends with the creator of Ziggy and live in the same country.
It is noteworthy that, according to an interview published the other day with the LockBit ransomware operator (presumably residing in Russia), lack of money and lack of decent work are the main reasons for starting ransomware attacks.
