In an unusual move, the administrator of Ziggy ransomware after the announcement of the end of the operation now is promising that they will give back their money.
Ziggy ransomware ceased the operation in early February, when announced the decision “to publish all decryption keys.”
The news was confirmed by the researcher M. Shahpasandi to BleepingComputer. The mastermind behind the Ziggy Ransomware operation announced on Telegram the decision to shut down their activity.
“In an interview with BleepingComputer, the ransomware admin said they created the ransomware to generate money as they live in a “third-world country.”” reported BleepingComputer.
Ransomware operators are concerned about recent law enforcement activity that results in the operation against Netwalker ransomware.
Ziggy ransomware admin leaked a SQL file containing 922 decryption keys along with a decryptor. The ransomware admin also shared the source code for a different decryptor with BleepingComputer that includes offline decryption keys that could be used when the infected system is not connected to the Internet.
In order to decrypt the files, the victims have to provide three decryption keys that are included in the SQL file.
The ransomware gang released offline decryption tool to decrypt infected files while not being connected to the Internet or the command and control server was unreachable.
Now, as first reported by BleepingComputer, on March 19, the Ziggy ransomware administrator announced they will refund the victims.
Victims that paid the ransom should contact the group via email at [email protected] to be refunded in about two weeks. Victims have to provide the payment receipt and the computer’s unique ID.
Experts believe that the Ziggy ransomware operators have monetized their efforts anyway due to the rise in the price of Bitcoin in the past months. Bitcoin price passed from $29,000 as December 31 up to $56,900 at the time of this writing allowing the gang to make a huge profit.
Recently another ransomware gang shut down its operations, it was the group behind the Fonix ransomware likely fearing the operation of law enforcement agencies.
In January, law enforcement authorities in the U.S. and Europe seized the dark web sites used by NetWalker ransomware operators. The authorities also charged a Canadian national involved in the NetWalker ransomware operations.
If you want to receive the weekly Security Affairs Newsletter for free subscribe here.
Follow me on Twitter: @securityaffairs and Facebook
|[adrotate banner=”9″]||[adrotate banner=”12″]|
(SecurityAffairs – hacking, Ziggy ransomware)