Operators of the Ziggy ransomware announced over the weekend that they were closing their operation and would be releasing all of the decryption keys.
The Ziggi ransomware administrator told Bleeping Computer that they were using the ransomware to make money, because they live in a "third-world country." The ransomware operators are concerned about recent law enforcement activity that resulted in dismantling some of the dark web payment websites associated with the NetWalker ransomware operation.
The ransomware operators shared an SQL file containing 922 decryption keys for encrypted victims, with three keys needed to decrypt the encrypted files provided for each victim. The ransomware admin also shared a decryptor that victims can use with the keys listed in the SQL file, as well as the source code for a different decryptor that contains offline decryption keys.
The ransomware admin also provided these files to Emsisoft security researcher Michael Gillespie who created a decryptor for Ziggi ransomware.
Earlier this month, cyber criminals behind the Fonix ransomware announced they shut down their operation and released the master decryption key to allow victims to recover their encrypted files.