Fonix Ransomware Shuts Down
FoxinCrypter or the Foxin ransomware group has picked up the page in November last year, after starting in June the same year. While it’s continuously infecting victims, it has now announced a sudden shut down of its operations for good. A Twitter account claiming to be one of the ransomware group’s admins has revealed this. He said that Though he claims that the source code was deleted, be also mentioned that some of the admins aren’t satisfied with the move. This makes the partners move to other ransomware groups, or startup a new operation altogether. Yet, the actual Fonix group was dead. REGARDS-FONIXTEAM
A later tweet from the account shared a link to an archive, which has the master private decryption key and the decryptor. This seemed to be a mess, as the tool shared wasn’t a decryptor, but an admin tool for unlocking the samples.
Ransomware groups often give the victims a chance to decrypt a few of their encrypted files for free, to prove themselves of having a working key upon paying the ransom. The shared decryption key is one of such, and cannot decrypt the whole infected system but only one file at a time. Also, the instructions shared for using it are so confusing that may lead to crashing of the whole process. Also, the master key shared works only on some versions of the Foxin ransomware, and there’s no date given for the release of the actual decryptor.