Kaspersky has released a decryptor for the Fonix Ransomware (XONIF) that allows victims to recover their encrypted files for free. You can download the tool right here.
Fonix ransomware was also known as Xinof. Cybercriminals used both names, and encrypted files were renamed with either extension, .xinof or .fonix. Analysts described the ransomware as fairly aggressive.
In addition to encrypting files on target systems, the malware tinkered with the operating system to hinder efforts to remove it. It also encrypted practically all files on the target computer, leaving only those critical to the operating system.
The malware authors leased Fonix under a ransomware-as-a-service (RaaS) model, leaving clients to perform the actual attacks. Starting around summer 2020, hacker forums saw heavy advertising for the malware. Operators were initially granted free use of the tool, giving Fonix a competitive edge; the authors took only a percentage of any ransom collected.
Download the decryptor to a device with encrypted files and start the program. You will be asked to agree to a license agreement, and the main interface will appear, as shown below.
When you are ready to decrypt your files, click on the Start Scan button, and the decryptor will ask you to select an encrypted file.
Once selected, the decryptor will look for your decryption key, and when found, begin to decrypt your files.
After you have decrypted your files and determined that they are opening correctly, you can delete the leftover encrypted files.
