Reports suggest that the team behind the Shade (Troldesh) ransomware has shut down and released more than 750,000 decryption keys, which previous victims can now use to decrypt their files.

Kaspersky Lab’s security researchers have established the legitimacy of the leaked keys and are now working on making a free decryption tool.

In a short message, the Shade team explained what made them do so.

“We are the team which created a trojan-encryptor mostly known as Shade, Troldesh or Encoder.858. In fact, we stopped its distribution in the end of 2019. Now we made a decision to put the last point in this story and to publish all the decryption keys we have (over 750 thousands at all). We are also publishing our decryption soft; we also hope that, having the keys, antivirus companies will issue their own more user-friendly decryption tools. All other data related to our activity (including the source codes of the trojan) was irrevocably destroyed. We apologize to all the victims of the trojan and hope that the keys we published will help them to recover their data.”


The Shade gang clarified what led to the release of the decryption keys, but stopped short of explaining why they closed down. Numerous theories have begun to form among ransomware specialists; however, none are based on actual concrete threat intelligence.

Before closing down at the end of 2019, Shade had been one of the oldest ransomware strains, first spotted in 2014 and running nearly non-stop until it shut down last year.

It was also one of the most active ransomware operations, being disseminated through a blend of email spam operations and exploit kits.

The ransomware wasn’t flawless, however, and during its lifetime, security researchers from Kaspersky and Intel Security (now McAfee) came up with numerous decryption apps that could help victims recover files. Nevertheless, the decrypters only worked against a small number of Shade versions, with the last of these tools being released in 2017.


