The Rakhni Decryptor, so named because it also decrypts files which are encrypted by ransomware of that name, can also be used for decrypting files that have been attacked by a number of other ransomware strains.
Fonix Ransomware Master RSA Key (Spub.key & Spriv.key) and Sample Decryptor : #Fonix #ransomware #XINOF #FonixCrypter #close_project #hack #Malware #raas #ransomware_as_a_servicehttps://t.co/JcijzvOKvf
— fnx (@fnx67482837) January 29, 2021
The actors behind Fonix published a master key for decrypting files at the same time that they announced that they were ending their activities.
A statement from Kaspersky said Fonix, which was also known as Xinof, was quite aggressive in its operations. Apart from encryption, the malware also made changes to the Windows operating system to make its removal more difficult.
|
|
The people behind Fonix leased it out under the ransomware-as-a-service model and it was advertised on forums frequented by malicious attackers from about the time of the Western summer last year.
Initially, those who used Fonix did not have to pay anything, with the operators only asking for a percentage of the ransom paid, if any.
"As a result, the malware spread in various unconnected campaigns, usually via spam mailings," Kaspersky said. "Therefore, Fonix hit both individual users and companies. Fortunately, the ransomware did not gain widespread popularity, so victims were relatively few."
Kaspersky security expert Fedor Sinitsyn said: “This example yet again reminds us that one should never pay a ransom. It is a better decision to just hang on to the encrypted data, as there are chances that one day a master key will become publicly known – and your information gets back to you in a decrypted format.”
The company has also released decyrptors for other ransomware strains, all of which can be downloaded free here.
