Ziggy Ransomware Shuts Down And Releases Victims’ Decryption Keys
Security researcher M. Shahpasandi told BleepingComputer that the Ziggy Ransomware admin announced on Telegram that they were shutting down their operation and would be releasing all of the decryption keys.
The Ziggy ransomware admin posted a SQL file containing 922 decryption keys for encrypted victims. For each victim, the SQL file lists three keys needed to decrypt their encrypted files.
The ransomware admin also posted a decryptor [VirusTotal] that victims can use with the keys listed in the SQL file.
In addition to the decryptor and the SQL file, the ransomware admin shared the source code for a different decryptor with BleepingComputer that contains offline decryption keys.
Ziggy ransomware was a standard form of ransomware that infected targeted computers, initiated the encryption of files, then demanded a ransom for a decryption key. It could even be described as old-fashioned ransomware: unlike many newer forms of ransomware seen over the last 12 months, Ziggy did not steal files; it simply encrypted them and demanded payment.