Ziggy ransomware has stopped working, and its creator has released decryption keys

Ziggy stopped working
Written by Emma Davis

The creator of the Ziggy ransomware reported that the malware stopped working. And he has published keys to recover encrypted files from victims.

According to reports from the cybercriminal, feelings of remorse and fear of being caught forced the operators of the ransomware Ziggy to cease their activities.

Hello. I am a Ziggy administrator. We decided to publish the decryption keys. We are very sorry for what we did. As soon as possible, we will publish all the keys on this channel.the ransomware operator said on the Telegram channel last weekend.

As the cybercriminal explained in an interview with the BleepingComputer portal, the lack of money pushed him to create the ransomware program, since he lives in a β€œthird world country”.

However, due to persistent guilt and fears over recent law enforcement operations against the Emotet botnet and NetWalker ransomware, Ziggy operator decided to cease its operations and release a decryptor.

On Sunday, February 7, a cybercriminal posted a SQL file with 922 decryption keys. The SQL file contains three keys for each victim. A decoder for use with these keys has been posted on VirusTotal.

In addition, the Ziggy operator provided information security expert Michael Gillespie with the source code of another decryptor, containing keys for decrypting data offline in case victims do not have access to the Internet or the C&C server is unavailable. Emsisoft plans to publish this decryptor soon.

The release of the keys, whether voluntarily or involuntarily, is the best possible outcome. The recent arrest of individuals associated with the Emotet and Netwalker operation could be causing some actors to get cold feet. If so, we could well see more groups ceasing operations and handing over the their keys. Fingers crossed.Emsisoft's Brett Callow told BleepingComputer.

Recently, the Fonix ransomware operators also decided to curtail their operations. According to them, they are friends with the creator of Ziggy and live in the same country.

It is noteworthy that, according to an interview published the other day with the LockBit ransomware operator (presumably residing in Russia), lack of money and lack of decent work are the main reasons for starting ransomware attacks.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply


This site uses Akismet to reduce spam. Learn how your comment data is processed.