Fonix ransomware, also known as Xinof or FoxinCrypter, has announced its closure and released the master decryption key to unlock victimized computers for free. The group started operations in mid-2020 and has infected a few victims to date. The released master decryptor can only decrypt one file at a time, not a whole system.
Fonix Ransomware Shuts Down
FoxinCrypter, or the Foxin ransomware group, picked up the pace in November last year, after starting in June the same year. While it was still infecting victims, it has now announced a sudden shutdown of its operations for good. A Twitter account claiming to belong to one of the ransomware group's admins revealed this.
He said:
“you know about fonix team but we have come to the conclusion. WE should use our abilities in positive ways and help others. Also, rans0mware source is completely deleted, but some of team members are disagree with closure of the project, like telegram channel admin who trying to scam people in telegram channel by selling fake source and data. Anyway now main admin has decided to put all previous work aside and decrypt all infected systems at no cost. And the decryption key will be available to the public. The final statement of the team will be announced soon.”
Though he claims that the source code was deleted, he also mentioned that some of the admins aren't satisfied with the move. This could push those partners to move to other ransomware groups, or to start up a new operation altogether. Still, the actual Fonix group is dead.
A later tweet from the account shared a link to an archive containing the master private decryption key and the decryptor. This turned out to be a mess, as the tool shared wasn't a decryptor but an admin tool for unlocking samples.
Ransomware groups often give victims a chance to decrypt a few of their encrypted files for free, to prove that they hold a working key that will be handed over once the ransom is paid. What was shared is one such tool: it cannot decrypt a whole infected system, only one file at a time.
The instructions shared for using it are also so confusing that following them may crash the whole process. In addition, the shared master key works only on some versions of the Foxin ransomware, and no date has been given for the release of the actual decryptor.