The group behind the Shade ransomware has closed up shop and distributed around 750,000 decryption keys, along with decryption software, apologizing to everyone that was affected by their malware.
There are numerous types of ransomware in use today, and Shade was one of them for more than half a decade. Also known as Troldesh, it has been around since about 2014, and was mainly deployed in Russia, the United States, Japan, parts of Europe, Canada, and a few other countries.
Shade activity was a constant in the past few years, but it slowed down by the end of 2019. It is unclear why the group supposedly shut down, or whether the shutdown was genuine. It wouldn’t be the first time a group shut down an operation only to open up another one under a different name.
The large collection of decryption keys was posted on GitHub, along with a message. “We stopped its distribution in the end of 2019,” says the group.
“Now we made a decision to put the last point in this story and to publish all the decryption keys we have (over 750 thousands at all). We are also publishing our decryption soft; we also hope that, having the keys, antivirus companies will issue their own more user-friendly decryption tools.”
They also claim to have destroyed the malware’s source code and apologized to everyone that was affected by their trojan. While it might seem like a nice sentiment, let’s not forget that their malware caused immense losses to numerous industries and people for a long time.
Publishing the decryption software is good news as it makes it easier for affected parties to recover lost data, and for security companies to provide more robust solutions.
Despite the supposed retirement of Shade, there are still numerous other active groups right now, such as Sodinokibi or Maze, that have changed their modus operandi to include blackmail with stolen data.