Remember Shade ransomware? We\u2019re writing this post because it\u2019s not a threat anymore, and you can get your files back, even those encrypted by the latest versions of Shade. Let\u2019s talk about how that happened.<\/p>\n
Shade, also known as Troldesh, is a nasty cryptor that began spreading back in 2015. It encrypted office documents, pictures, and archives (as well as some other types of files) and then asked victims to pay for decryption. Different strains used fancy filenames such as breaking_bad and da_vinci_code. Shade also brought friends along \u2014 it downloaded other malware after it encrypted everything it wanted.<\/p>\n
In 2016, our malware analysts managed to create a decryptor for the versions of Shade that existed back then<\/a>. Cooperation between police, having seized the servers with the keys, and the security researchers, made that possible.<\/p>\n However, the group behind Shade didn\u2019t go anywhere and continued to develop new strains of ransomware for which the decryptor didn\u2019t work. The malefactors continued to spread Shade, remaining highly active through mid-2019.<\/p>\n Things eventually changed. In late 2019 and early 2020 the number of users that encountered Shade ransomware dropped significantly in comparison with previous years. And then the malefactors behind the ransomware announced that they had decided to abandon it. They even apologized for the harm they caused and published<\/a> about 750,000 keys to decrypt the files.<\/p>\nThe group behind Shade<\/h2>\n