BleepingComputer reports that on March 19, the administrator of the Ziggy ransomware announced plans to return the ransoms paid by victims, after shutting down the operation on Feb. 6. The day after the shutdown, the administrator published all 922 decryption keys, which victims could use to regain access to their files, along with a decryption tool and the source code for an offline decryptor. Victims are advised to contact the administrator at [email protected] and to send their computer ID and proof of bitcoin payment. They will then receive their money through their bitcoin wallet in about two weeks. According to the Ziggy ransomware administrator, they decided to end their operation and refund the victims because they feared being caught by law enforcement officers. They also claimed to be selling their house in order to return the victims' money and to be planning to become a ransomware hunter after they have refunded the victims.
Jill Aitoro is senior vice president of content strategy for CyberRisk Alliance. She has more than 20 years of experience editing and reporting on technology, business and policy. Prior to joining CRA, she worked at Sightline Media as editor of Defense News and executive editor of the Business-to-Government Group. She previously worked at Washington Business Journal and Nextgov, covering federal technology, contracting and policy, as well as CMP Media’s VARBusiness and CRN and Penton Media’s iSeries News.