The Fonix ransomware was released in June 2020; however, it did not gain prominence at first. However, in early 2021, the ransomware hit 182 companies, putting the group in the spotlight alongside other extensions such as REvil Sodinokibi and LockBit.
It is common for systems to be infected by ransomware through macros, malicious ads, and pirated downloads. Fonix propagates itself in the same way.
When the encryption process is executed, the files are given the extension “.XINOF” locking the data. The extension cannot be removed without having access to the decryption key.
A different method is seen in the ransom notes left by Fonix. In addition to the notepad named “Help.txt” containing only the contact email, the group adds a pop-up called “How To Decrypt Files.hta” where the requirements required to recover the files is left.
The amounts charged by the group can only be paid in Bitcoin and can range from $200.00 to $1,500.00.
To ensure that they have the decryption key, three files smaller than 2 MB with little relevance can be decrypted by the hackers.
To avoid attracting more attention, the groups often use more than one name, Fonix is also known as Xinof and FonixCrypter.
Recover files encrypted by Fonix ransomware
The worst choice to make when losing data is to attempt recovery without expert help, as this can result in permanent loss. Digital Recovery has a team of experts in recovering data encrypted by ransomware without negotiating with hackers.
We have been working in the field of data recovery for more than 23 years, seeking fast and efficient solutions to minimize company losses. To speed up the recovery process, our solutions were developed to be applied remotely.
We offer recovery in emergency mode, in which mode our laboratories operate 24×7 so that the process is done as quickly as possible.
We also make available our confidentiality agreement (NDA), which provides total secrecy.
Request a diagnosis right now and talk to one of our attendants.
