Fear of Justice Forced Ziggy Operator To Scale Back Operations

A feeling of remorse and fear of being caught forced the operators of the Ziggy ransomware to cease their activities and release a key to recover encrypted files.

"Hello. I am a Ziggy administrator. We decided to publish the decryption keys. We are very sorry for what we did. We will publish all the keys on this channel as soon as possible," the ransomware operators reported on the Telegram channel last weekend.

As the cybercriminal explained in an interview with BleepingComputer, a lack of money pushed him to create the ransomware, since he lives in a “third world country”. However, persistent guilt and fear prompted by recent law enforcement operations against the Emotet botnet and the NetWalker ransomware led the Ziggy operator to cease operations and release a decryptor.

On Sunday, February 7, the cybercriminal posted a SQL file with 922 decryption keys. The SQL file contains three keys for each victim. A decryptor for use with these keys has been posted on VirusTotal. In addition, the Ziggy operator provided information security expert Michael Gillespie with the source code of another decryptor, which contains keys for decrypting data offline in case victims do not have Internet access or the C&C server is unavailable. Emsisoft plans to publish this decryptor shortly.

Recently, the operators of the Fonix ransomware also decided to curtail their operations. According to them, they are friends with the creator of Ziggy and live in the same country. It is noteworthy that, according to an interview published the other day with an operator of the LockBit ransomware (presumably residing in Russia), a lack of money and a lack of decent work are the main reasons for resorting to cyber extortion.
