More than a month after shutting down operations, Ziggy ransomware administrators have announced they will refund their victims.
The news follows the threat actor’s earlier statement that it will publish all decryption keys in early February.
“Hi. I am the Ziggy ransomware administrator. We decided to publish all decryption keys. We are very sad about what we did. As soon as possible, all the keys will be published in this channel,” he said in a brief post on Telegram.
On March 19, the Ziggy ransomware operators also said that they wish to return the victims’ payments. After a week of silence, the admin emerged with a new message board disclosing that victims will be refunded in about two weeks after contacting the group via email:
“If you are infected with Ziggy ransomware and you payed money, We are ready to give back your money. Send you payment receipt and your computer unique ID to email,” he said. “We will transfer money to your Bitcoin wallet address. We will give back your money until 2 weeks later.”
Despite the recent gesture of goodwill, the Ziggy operators will retain a pretty penny. A couple of days before announcing their refund program, Bitcoin cryptocurrency hit an all-time high of over $50,000.
It is unclear if the ransomware gang acted out of guilt or fear of becoming the next target of law enforcement agencies – or both. However, the Ziggy ransomware gang were likely more concerned about the recent law enforcement operations against Emotet and Netwalker ransomware gangs. They’re not alone. Fonix operators also laid down their cyber weapons and released a master decryption key to allow victims to recover their data for free in late January.