Shade – 750 000 keys published on GitHub

April 30, 2020

The developers of the Shade ransomware have apologized to their victims and released the instructions and elements necessary to neutralize the virus. The published decryption keys are real and actually make it possible to eliminate Shade malware installed on a given device. The hacking group publicly announced that it has ceased its activities.

Shade / Troldesh active since 2014

The Shade (also known as Troldesh) virus has been active since 2014. Unlike other malware types, which target Western countries among others, this one was aimed at Russia and Ukraine, as reported by Bleeping Computer.

In 2019, the intensity of hacker operations using Shade decreased significantly, because the operators of the virus stopped distributing the ransomware at that time. Now, its creators have apologized to all their victims. They have also provided all the instructions and elements required to effectively remove Troldesh.

Over 750 000 decryption keys published on GitHub

Operators of the Shade (Troldesh) ransomware released over 750 000 decryption keys. Their former victims can use them to decrypt their files.

Kaspersky Lab security researchers confirmed the validity of the leaked keys and are currently working on developing a decryption tool.

In a short statement posted in the GitHub repo, the Shade team explained the reasons behind their decision.

We are the team which created a trojan-encryptor mostly known as Shade, Troldesh or Encoder.858. In fact, we stopped its distribution in the end of 2019. Now we made a decision to put the last point in this story and to publish all the decryption keys we have (over 750 thousands at all). We are also publishing our decryption soft; we also hope that, having the keys, antivirus companies will issue their own more user-friendly decryption tools. All other data related to our activity (including the source codes of the trojan) was irrevocably destroyed. We apologize to all the victims of the trojan and hope that the keys we published will help them to recover their data.

Sources – ZDNet and CyberDefence24


Published by: Piotr Mierzwiński
