{"id":36022,"date":"2021-02-08T14:20:36","date_gmt":"2021-02-08T12:20:36","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=36022"},"modified":"2025-08-29T04:14:53","modified_gmt":"2025-08-29T01:14:53","slug":"ziggy-ransomware-halts-operations-hacker-publishes-decryption-keys","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/ziggy-ransomware-halts-operations-hacker-publishes-decryption-keys\/","title":{"rendered":"Ziggy ransomware halts operations; hacker publishes decryption keys"},"content":{"rendered":"

The creator of the Ziggy ransomware announced that it had ceased operation and released the keys to decrypt the infected files. According to \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442<\/a> BleepingComputer.<\/p>\n

The hacker explained the decision amid concerns over the recent arrest of the developers<\/a> of the Emotet and Netwalker ransomware.<\/p>\n

On February 7 he published an SQL file containing 922 decryption keys. For each victim, three keys are listed that are necessary for decryption.<\/p>\n

\"\u0412\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044c<\/p>\n

Source: BleepingComputer.<\/p>\n<\/div>\n

The Ziggy author also posted a VirusTotal decryptor that works with the keys from the file, and shared the source code of the program for standalone decryption with Emsisoft.<\/p>\n

Its specialists are already working on developing an application.<\/p>\n

\n

“Victims of the ransomware will be able to recover their data without paying the ransom and use the developer’s decryptor, which may contain a backdoor or bugs,” said Emsisoft expert Michael Gillespie.<\/p>\n<\/blockquote>\n

Earlier, the creators of the Fonix ransomware announced that it had shut down, and they also shared keys for restoring files.<\/p>\n

In January, Bitdefender antivirus developers released a free decryptor for files<\/a>, encrypted by the Darkside virus.<\/p>\n

Follow ForkLog news on Twitter<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

The Ziggy ransomware creator announced that the operation had ceased and released the decryption keys for the infected files, according to BleepingComputer.<\/p>\n","protected":false},"author":1,"featured_media":36023,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154],"class_list":["post-36022","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes"],"aioseo_notices":[],"amp_enabled":true,"views":"19","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/36022","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=36022"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/36022\/revisions"}],"predecessor-version":[{"id":36024,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/36022\/revisions\/36024"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/36023"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=36022"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=36022"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=36022"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}