It sounds like something out of a Hollywood blockbuster, but the ransomware gangs behind the likes of Ziggy and Fonix have apparently found a heart and pledged to return every penny they have taken from businesses and individuals alike, with the full amount returned to the Bitcoin wallets used to pay them.

On March 28th Ziggy Ransomware Decrypted posted the following message on Twitter:

“If you are infected with Ziggy ransomware and your payed money, we are ready to give back your money.

Send you payment receipt and your computer unique ID to this E-mail:……….

We will send money to your Bitcoin wallet address.

We will give back your money until 2 weeks later.”

Following the above, they released the decryption keys for all affected devices.

Earlier, in January, Fonix also put out a statement on their Twitter account:

“I’m one fonix team admins. you know about fonix team but we have come to the conclusion. we should use our abilities in positive ways and help others. Also ransomware source is completely deleted , but some of team members are disagree with closure of the project , like telegram channel admin who trying to scam people in telegram channel by selling fake source and data. Anyway now main admin has decided to put all previous work aside and decrypt all infected systems at no cost. 

And the decryption key will be available to the public. 

The final statement of the team will be announced soon.”


This was followed by a further tweet:

“At least we have special apology for all infected systems users. 

To make up for our mistakes, we will launch a malware analyze website soon to use our abilities in positive ways.

We cannot despair of humanity, Since we ourselves are human beings”

All well and good, at least on the surface, but this is by no means a Hollywood movie and the reality is invariably very different. Though one of the gangs claimed that they had to sell their homes and valuables in order to return the money in full, the gangs have in actuality collectively made hundreds of millions of dollars in Bitcoin. By pledging to return only the exact amount taken from their victims, and not the gains made through the ever-inflating price of the ponzi scheme that is called Bitcoin, the criminals have not only attempted to clear their names, ease their guilty consciences and look better in the eyes of the public, but are also walking away with approximately 70% of the money they initially took.

The real reason these criminals are so eager to return the money and be done with their cybercriminal activities is not that they have a heart, but that they are scared of prison: they are attempting to cover their tracks and potentially avoid long jail terms if they do get caught.

In late January the gang behind Emotet, the world’s largest, most prolific and most dangerous ransomware, first launched in 2014, was taken down by law enforcement agencies from 8 different countries with the help of security researchers and experts. Emotet, which had control of servers in 90 different countries, was costing companies up to $1 million per incident to remedy. On 27th January two of the gang members were arrested in Ukraine, and more members of the gang have since been taken into custody. Obviously this almighty takedown has put fear into the hearts of cybercriminals, though it doesn’t necessarily mean that it will put an end to their endeavours. On the contrary, it will likely make the gangs improve their methods and therefore make it even harder for law enforcement to find them and take them down. Etay Maor, a cybersecurity professor at Boston College and senior director of security and strategy at Cato, said:

“Emotet might come back, or it might come back in a different form. But they’re not going to make the same mistakes again,” he said. “We’ve already seen that malware like Zeus is peer-to-peer distributed, without a single command-and-control server.”

Criminals might invent a new command-and-control system, he said, or put their servers somewhere where it’s harder for the authorities to access them.

Josh Smith, a security analyst at Nuspire, said:

“Companies should invest in next-generation antivirus that includes behavior analytics to help spot new malware variants that don’t have existing signatures.”

Certainly some excellent advice. However, as we are all aware, no antivirus solution can provide 100% protection; it is impossible to protect against threats that don’t yet exist or that are not yet known about.