SECURITY
SECURITY
SECURITY
Ziggy ransomware group shuts down amid concern over law enforcement actions
The Ziggy ransomware group has shut down and released a decryption key amid concern that it may be targeted by law enforcement, according to a report today from Bleeping Computer.
The group reportedly announced on a Telegram group that it would be shutting down, with a message that included the phrase “we are very sad about what we did.” The ransomware administrator told Bleeping Computer that the group had created the ransomware to generate money since the members live in a developing country, and they were concerned over recent law enforcement actions against Emotet and Netwalker ransomware.
Emotet, which was an infamous botnet that emerged in 2014, reemerged in July after a five-month break, prompting a warning from the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Agency in October. A joint international strike force coordinated by the European Union Agency for Law Enforcement Cooperation seized servers and made arrests in relation to Emotet Jan. 27. On the same date, a joint operation between U.S. and Bulgarian authorities led to the arrest and seizure of servers relating to the Netwalker ransomware.
Ziggy ransomware was a standard form of ransomware that infects targeted computers, initiated the encryption of files, then demanded a ransom for a decryption key. It could even be described as old-fashioned ransomware: Unlike many newer forms of ransomware over the last 12 months, Ziggy did not steal files, simply encrypting files and demanding payment.
Those behind Ziggy have apparently now released the decryption key, but as security researcher M. Shahpasandi noted on Twitter, the decryption release included malicious files.
Well, the moon came out from behind the cloud!#Ziggy ransomware #decryptor released.. but Malicious! 🧐@BleepinComputer @malwrhunterteam @demonslay335 https://t.co/QS8xoqnkkS pic.twitter.com/MExGQOnbhZ
— M. Shahpasandi (@M_Shahpasandi) February 7, 2021
Those behind the Ziggy ransomware are seemingly not alone in their concern about potentially getting caught following the raids on Emotet and Netwalker: Fonix ransomware announced last week that it’s also shutting down operations.
Officially, the operators of Fonix said that they had come to the conclusion that they “should use our abilities in positive ways to help others.” The code for the Fonix ransomware has been deleted and a master RSA key published that can be used to decrypt files.
Image: Pixabay
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
