While various cybercriminals became more active during the pandemic, last weekend ransomware operators Shade (aka Troldesh) reported that their software had finally stopped working.
Malware’s operators have also published over 750,000 keys for decrypting files on GitHub.
We are the team that created the ransomware known as Shade, Troldesh or Encoder.858. In fact, we stopped distributing it at the end of 2019, and now we have decided to put an end to this story and publish all the decryption keys that we have (more than 750,000 in total). We will also unveil our program for decrypting data. We hope that with these keys antivirus companies will be able to release their own, more convenient decryption tools”, – said cyber-extortionists.
Also, according to their report, all other data related to the activities of the malware (including the source codes of the Trojan) was permanently destroyed.
We apologize to all the victims of the Trojan and hope that published keys will help them recover their data”, — says a brief statement from the malware operators, in which they do not explain the reasons for the termination of their activities.
Information security specialists from Kaspersky Lab confirmed the authenticity of the published keys and assured that they were already working on creating a free tool for decrypting the affected data.
Shade/Troldesh/Encoder.858 ransomware just dropped all keys to public. Decryption tools will be available ASAP! And yes. Keys are real. Just checked”, — write in his Twitter Kaspersky Lab expert Sergey Golovanov.
Until the end of operations at the end of 2019, Shade was considered one of the oldest and most active encryption agents on the market: it was first discovered in 2014, and for all subsequent years, it worked almost without interruptions.
I must say that earlier experts at Kaspersky Lab and Intel Security (now McAfee) released several free decryptors for this malware, but the tools were only suitable for some versions of Shade, the most relevant of which dated 2017.
Thus, the keys released now should help restore the data of all affected users, as finally since keys are suitable for all existing versions of the malware.
Let me remind you that recently ESET specialists eliminated the VictoryGate mining botnet.