Security News > 2021 > February > Fonix Ransomware Operators Close Shop, Release Decryption Keys
The cybercriminals behind the Fonix ransomware have announced plans to shut down their activity, and have already released the master decryption key for the malware.
Also known as FonixCrypter and Xonif, the ransomware has been operating since June 2020, with several variants observed since.
In the shutdown announcement, the operators also said that the ransomware's source code was deleted, but warned that some people involved in the project might attempt to scam others by selling them fake code.
The Fonix operators offered to help security researchers create decryption tools for the ransomware.
According to its operators, the Fonix project was launched due to their poor financial situation, and the shutdown would help the developers stop feeling guilty.
While the group did not make it clear what influenced the decision to close the operation, it should be noted that other ransomware operators made similar moves in the past, including those behind GandCrab, Shade, and TeslaCrypt.