The Fonix Ransomware operators have shut down their operation and released the master decryption allowing victims to recover their files for free.
Fonix Ransomware, also known as Xinof and FonixCrypter, began operating in June 2020 and has been steadily encrypting victims since. The ransomware operation was not as widely active as others, such as REvil, Netwalker, or STOP, but starting in November 2020, it picked up a bit, as shown by the ID Ransomware submissions below.
ID Ransomware submission stats
This afternoon, a Twitter user claiming to be a Fonix ransomware admin announced that the ransomware had shut down.
Tweet from Fonix admin
The message shared in the image reads:
I'm one fonix team admins.you know about fonix team but we have come to the conclusion.we should use our abilities in positive ways and help others.Also rans0mware source is completely deleted, but some of team members are disagree with closure of the project, like telegram channel admin who trying to scam people in telegram channel by selling fake source and data.Anyway now main admin has decided to put all previous work aside and decrypt all infected systems at no cost.And the decryption key will be available to the public.The final statement of the team will be announced soon.
Regards-FonixTeam
According to the message, some of the 'members' of the ransomware operation were not happy that it was shutting down.
This shutdown could cause members to join other ransomware affiliate programs or splinter off and create a new operation.
