FonixCrypter Ransomware Operators Has Released a Master Decryption Key

Fonix ransomware operators have announced that they have stopped their cybercriminal activity, and have published a decryption key that allows victims of cyber attacks to recover their files for free.

The Fonix group (also known as Xinof and FonixCrypter) launched cyberattacks in June 2020, but now a Twitter user posing as the administrator of the ransomware Fonix has announced the closure of the project.

“I'm one of the admins on the Fonix team. You know about our team, but we have come to the conclusion that it is necessary to use your abilities in a positive way and help others. The ransomware source code has been completely removed, although some team members disagree with the closure of the project, for example, the administrator of the Telegram channel, who is trying to trick people by selling fake source code. In any case, now the chief administrator decided to postpone all previous work and decrypt all infected systems for free. The decryption key will be publicly available. The team's final statement will be announced shortly, ”Fonix said in a statement.

In another publication, a representative of the group shared a link to an RAR archive named "Fonix_decrypter.rar" containing both the decryptor and the main private decryption key.

Decryptor is an admin tool used inside the ransomware group. Ransomware sometimes allows victims to send multiple encrypted files, which they will decrypt for free to prove their intentions after paying the ransom. The decryptor is a tool of Fonix operators to perform this free test decryption and prevents the victim from recovering all files on the system. Even though it can only decrypt one file at a time, test results have shown that it has very confusing instructions and is prone to malfunction.

The good news is that master decryption keys work, but only with some versions of Fonix ransomware.

Previous Post Next Post