The administrator of Ziggy ransomware which has ended their operation recently has now announced that they will pay the money back to its victims.
Ziggy ransomware was shut down in early February and the administrator of the operation said that they were sad about what they did and that they decided to publish all decryption keys.
They followed through the next day, on February 7, offering an SQL file with 922 decryption keys that victims could use to unlock their files.
The admin published a decryption tool along with the source code for a decryptor that does not require an internet connection to work.
Few days back the administrator said that they wanted to return the money to the victims that paid the ransom and now the admin confirmed that they were ready to revert payments.
The victims are required to contact the admin at a given email address (firstname.lastname@example.org) with the proof of their payment in bitcoin and the computer ID, and the money would be returned to the victim’s bitcoin wallet in about two weeks.
Ransomware victims after getting a ransom note with instructions makes the payment in Bitcoin. Bitcoin price has been on the rise for the past three months, and its price as of now is close to $55,000.
When the Ziggy ransomware decryption keys became public, Bitcoin price was around $39,000. Five days before the admin announced that they would return the money, Bitcoin spiked above $61,000. Given the price difference, the admin makes a profit at the current Bitcoin price.
The Ziggy ransomware administrator said that their motivation for creating the locker was financial. Their recent actions seem to be driven by guilt and the worry that law enforcement might get them, given the disruption of much larger operations like Emotet and Netwalker ransomware.