BleepingComputer reports that on March 19, the administrator of the Ziggy ransomware announced their plans to return the ransom paid by victims after shutting down their operation on Feb. 6. The administrator published all of the 922 decryption keys the day after the shutdown, which the victims could use to regain access to their files, along with a decryption tool and the source code for an offline decryptor. Victims are advised to contact the administrator at [email protected] and to send their computer ID and proof of bitcoin payment. They will then receive their money through their bitcoin wallet in about two weeks. According to the Ziggy ransomware administrator, they decided to end their operation and refund the victims because they fear of being caught by law enforcement officers. They also claimed to selling their house in order to return the victims' money and planning to become a ransomware hunter after they have refunded the victims.
Jill Aitoro leads editorial for SC Media, and content strategy for parent company CyberRisk Alliance. She 20 years of experience editing and reporting on technology, business and policy.
Cybersecurity and Infrastructure Security Agency Director Jen Easterly said that the agency's automated vulnerability warning program will be ready for full deployment by the end of the year, according to CyberScoop.
Organizations in the Americas, Europe, and Asia have been subjected to the ongoing FROZEN#SHADOW attack campaign that involved the distribution of the stealthy SSLoad malware alongside Cobalt Strike and ConnectWise ScreenConnect software to compromise networks, reports The Hacker News.
CyberScoop reports that over 100 Ukrainian local government and police documents uploaded to VirusTotal in February were discovered to have been infected with the OfflRouter malware, which dates back to 2015 and could only spread through already compromised files and removable media devices.