Bleeping Computer drew attention to an interesting situation around the ransomware Ziggy, which closed down last month: its operator returns money to victims of malware.
Ziggy ceased operations in February 2021. Then, in a short announcement, the author of the ransomware said that he was “upset” because of what he had done and promised to publish the decryption keys in the public domain. The SQL file with 922 keys was actually made public the very next day.Last week, Ziggy operator announced he wants to return the money to the victims who had previously paid the ransom. Now, after a week of silence, the admin reappeared online and announced that he was ready to cancel payments.
The victims are invited to contact him at [email protected] and send a confirmation of the ransom payment in bitcoins and the computer ID, after which, in about two weeks, the money must be returned to the victim’s bitcoin wallet.
In a conversation with Bleeping Computer reporters, the author of Ziggy said that the refund will be made in bitcoins at the exchange rate on the date of payment.
Moreover, in the five days before the refund was announced, bitcoin rose in value above $ 61,000. That is, given the difference in price, the malware operator still made a profit.
Also, the Ziggy administrator said that he lives in a “third world country” and created an encryptor “for financial reasons.” He confirmed that he had stopped the malware out of fear of attracting the attention of law enforcement agencies.
Now the hacker allegedly had to sell the house to compensate the victims of Ziggy, and in the future, he plans to switch to the “bright side” and become a hunter for ransomware.
Let me remind you that I wrote about the operations of law enforcement agencies against the Emotet botnet and NetWalker ransomware, due to which the Ziggy administrator hastened to terminate his activities.
