
Ryuk (Fonix) Ransomware

Ryuk (Fonix) is a ransomware program that encrypts data on the victim's machine and then demands payment in exchange for the decryption key. It is designed to imitate the infamous RYUK/RYK Ransomware, including the use of similar extensions and ransom notes. However, analysis has revealed that the threat is actually a variant of Fonix ransomware.

When executed on the infected device, the Ryuk (Fonix) Ransomware encrypts the files stored on it and modifies their filenames by appending the cybercriminals' email address ('Vulcanteam@CYBERFEAR.COM') and a '.RYK' extension. For example, a file that was originally named '1.jpg' would appear as '1.jpg.[Vulcanteam@CYBERFEAR.COM].RYK' after encryption. Additionally, the program creates a ransom note named 'RyukReadMe.txt' once the encryption process is complete.
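The naming scheme described above can be used to inventory affected files during triage. The following is an added example, not part of the original article or of any vendor tool; the function names are hypothetical, and matching any email address inside the brackets (rather than only the one quoted above) is an assumption.

```python
import os
import re
import tempfile
from pathlib import Path

# Indicators taken from the article text.
NOTE_NAME = "RyukReadMe.txt"
KNOWN_EMAIL = "vulcanteam@cyberfear.com"
# <original name>.[<contact email>].RYK -- accepting any address inside the
# brackets (not only the one in the article) is an assumption of this example.
ENCRYPTED_RE = re.compile(
    r"^(?P<orig>.+)\.\[(?P<email>[^\[\]@\s]+@[^\[\]\s]+)\]\.RYK$", re.IGNORECASE)

def parse_encrypted_name(name):
    """Return (original_name, contact_email), or None if the name does not match."""
    m = ENCRYPTED_RE.match(name)
    return (m.group("orig"), m.group("email")) if m else None

def scan_tree(root):
    """Inventory renamed files and ransom notes under root by name only.

    No file is opened, modified or deleted, so the evidence stays intact."""
    report = {"encrypted": [], "notes": [], "other_emails": set()}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = Path(dirpath) / fname
            if fname.lower() == NOTE_NAME.lower():
                report["notes"].append(full)
                continue
            parsed = parse_encrypted_name(fname)
            if parsed is None:
                continue
            orig, email = parsed
            report["encrypted"].append((full, orig))
            if email.lower() != KNOWN_EMAIL:
                report["other_emails"].add(email)  # worth a closer look
    return report

if __name__ == "__main__":
    # Constructed sample tree of empty files, for demonstration only.
    with tempfile.TemporaryDirectory() as tmp:
        for n in ("1.jpg.[Vulcanteam@CYBERFEAR.COM].RYK", "RyukReadMe.txt",
                  "notes.txt", "old.RYK"):
            Path(tmp, n).touch()
        result = scan_tree(tmp)
        for path, orig in result["encrypted"]:
            print(f"encrypted: {path.name} (was {orig})")
        print("ransom notes:", [p.name for p in result["notes"]])
```

A bare '.RYK' suffix without the bracketed address is deliberately not counted, since the article describes the address as part of this variant's naming.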

Fortunately for the victims of the threat, there is a way to decrypt files affected by the Ryuk (Fonix) Ransomware without paying any ransom or even communicating with the threat actors. A free decryption tool has been released and it can be used to recover encrypted data.

Victims of the Ryuk (Fonix) Ransomware Threat are in Luck

The ransom-demanding note informs the victims that their files have been encrypted, and their backups and the Shadow Volume Copies have been deleted, leaving them with no access to their data. The note also states that the only way to decrypt the affected data is to pay a ransom in Bitcoin cryptocurrency, and only the attackers can provide the decryption tool.

To convince victims that data recovery is possible, the ransom note offers free decryption of two files. It's worth noting that it is rare for ransomware encryptions to be decryptable without the intervention of cybercriminals. The Ryuk (Fonix) Ransomware, however, is an exception to this rule, and a free decryptor is available to its victims.

Still, paying the ransom demanded by cybercriminals is strongly advised against. Paying does not guarantee data recovery, and it only supports illegal activities. In some cases, the attackers may not even provide the decryption tool after receiving the payment.

Ensuring the Security of Your Devices and Data Should be a Priority

Securing devices and data against ransomware threats involves a multi-layered approach that requires a combination of preventive and reactive measures. One of the most effective measures users can take is to regularly back up their data, which involves creating a copy of all important files and storing them in a secure location. In the event of a ransomware attack, having a backup will allow users to restore their data without paying the ransom.

Another key measure is to keep all software and operating systems up-to-date with the latest security patches and updates. Ransomware attacks often exploit vulnerabilities in software, so ensuring that all systems are up-to-date can minimize the risk of such attacks.

Users should also be cautious when opening emails, especially those from unknown or suspicious sources. Email attachments and links can contain ransomware and other types of malware, so it is essential to verify the authenticity of the sender before clicking on any links or opening any attachments.

The ransom note delivered to the victims of the threat is:

'Your network has been penetrated.

All files on each host in the network have been encrypted with a strong algorithm.

Backups were either encrypted
Shadow copies also removed, so F8 or any other methods may damage encrypted data but not recover.

We exclusively have decryption software for your situation.
More than a year ago, world experts recognized the impossibility of deciphering by any means except the original decoder.
No decryption software is available in the public.
Antiviruse companies, researchers, IT specialists, and no other persons cant help you decrypt the data.

DO NOT RESET OR SHUTDOWN - files may be damaged.
DO NOT DELETE readme files.

To confirm our honest intentions.Send 2 different random files and you will get it decrypted.
It can be from different computers on your network to be sure that one key decrypts everything.
2 files we unlock for free

To get info (decrypt your files) contact us at

You will receive btc address for payment in the reply letter


No system is safe'

