Saturday, September 7, 2024
HomeComputer SecurityShade Ransomware Hackers Shutdown Their Operation - 750k Decryption Keys Released

Shade Ransomware Hackers Shutdown Their Operation – 750k Decryption Keys Released

Published on

Shade ransomware first spotted in late 2014, also known as Troldesh or Encoder.858. The ransomware distributed specifically through malicious email attachments.

The origin of the ransomware believed to be from Russia, the ransom notes found to be written in both Russian and English.

The threat actors behind the ransomware strain continue to enhance their capabilities. The following are the top industries targeted that include High-Tech, Wholesale, and Education.

- Advertisement - EHA

Researchers believe the ransomware is possibly targeting more English-speaking users, once the files encrypted it appends [.crypted000007] extension at the end.

In the late 2019 Shade ransomware operators have stopped distribution of the ransomware.

Shade Ransomware Shutdown

The operators behind the Shade ransomware announced the shutdown of the ransomware now and they also published all the decryption keys.

Along with decryption keys they also publish decryption software to helps users to decrypt the encrypted files.

“All other data related to our activity (including the source codes of the trojan) was irrevocably destroyed. We apologize to all the victims of the trojan and hope that the keys we published will help them to recover their data,” reads the GitHub post published.

“We also hope that having the keys, antivirus companies will issue their own more user-friendly decryption tools.”

Also, the Shade ransomware operators believe the published keys will help the victims of the ransomware to decrypt the files and recover their data.

Shade Ransomware
Shade Ransomware keys

The ransomware operators also published detailed instructions on how to decrypt the files.

Kaspersky Lab’s Sergey Golovanov said that the key is working and the decryption tools will be available soon.

You can also read the complete ransomware mitigation checklist

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

BBTok Abuses Legitimate Windows Utility Command Tool to Stay Undetected

Cybercriminals in Latin America have increased their use of phishing scams targeting business transactions...

Predator Spyware Exploiting “one-click” & “zero-click” Flaws

Recent research indicates that the Predator spyware, once thought to be inactive due to...

Tropic Trooper Attacks Government Organizations to Steal Sensitive Data

Tropic Trooper (aka KeyBoy, Pirate Panda, and APT23) is a sophisticated cyberespionage APT group,...

NoiseAttack is a Novel Backdoor That Uses Power Spectral Density For Evasion

NoiseAttack is a new method of secretly attacking deep learning models. It uses triggers...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Predator Spyware Exploiting “one-click” & “zero-click” Flaws

Recent research indicates that the Predator spyware, once thought to be inactive due to...

Researchers Unpacked AvNeutralizer EDR Killer Used By FIN7 Group

FIN7 (aka Carbon Spider, ELBRUS, Sangria Tempest) is a Russian APT group that is...

Lazarus Hackers Attacking Job-Seekers to Deliver Javascript Malware

The Lazarus Group is one of the most notorious hacker groups linked to the...