On February 6th the Ziggy ransomware group announced the end of their hacking operation. More than a month after shutting down operations, Ziggy ransomware administrators announced they will refund their victims. On March 19th the group announced their decision to give the ransoms back.
M. Shahpasandi, who identifies himself on Twitter as a security researcher, communicated with Bleeping Computer. He claims the group decided to give back their ill-gotten gains.
Bleeping Computer reported the Ziggy ransomware administrator explained the hacker(s) live in a “third-world country” and created the lockers with financial motives.
The anonymous group administrator says they feel “sad” for their crimes. And they “decided to publish all decryption keys” so their victims could unlock their systems.
They made good on the first promise, on February 7, giving out an SQL file with 922 decryption keys. The victims were able to unlock the files infected by the ransomware.
Due to a change of heart, the group provided Ziggy victims with a decryption tool which makes it easier to unlock systems. Additionally, they received the source code for a decryptor which does not need an internet connection to work. Allowing the victims to clean up their systems offline.