The Ziggy ransomware group has shut down and released a decryption key amid concern that it may be targeted by law enforcement, as reported by BleepingComputer.
Security researcher M. Shahpasandi told BleepingComputer that the Ziggy ransomware admin announced on Telegram that they were shutting down their operation and would be releasing all of the decryption keys.
The Ziggy ransomware admin posted a SQL file containing 922 decryption keys for encrypted victims. For each victim, the SQL file lists three keys needed to decrypt their encrypted files.
The ransomware admin also posted a decryptor [VirusTotal] that victims can use with the keys listed in the SQL file.
In addition to the decryptor and the SQL file, the ransomware admin shared the source code for a different decryptor with BleepingComputer that contains offline decryption keys.
Ziggy ransomware was a standard form of ransomware that infected targeted computers, initiated the encryption of files, then demanded a ransom for a decryption key. It could even be described as old-fashioned ransomware: unlike many newer forms of ransomware seen over the last 12 months, Ziggy did not steal files; it simply encrypted them and demanded payment.
Last week, FonixCrypter ransomware announced on Twitter that they had deleted the ransomware's source code and planned to shut down their operation.
Bijay Pokharel