Developers behind Shade ransomware revealed on Monday that they had ceased operations and publicly released decryption keys to let their victims recover files for free.

Often referred to as Troldesh and Encoder.858, Shade has been present in the malware landscape since 2014. Enhanced with backdoor capabilities in 2016, the Trojan was one of the most prevalent threats last year, targeting over 340 file extensions for encryption (using AES-256).

Shade was primarily spread via phishing emails with malicious ZIP archives. Last year, security researchers discovered that it was the most prevalent piece of malware contained in secret “well-known” directories on HTTPS pages.

The ransomware writers now state that they stopped spreading the malware at the end of last year, and that they plan to close the store and release more than 750,000 decryption keys along with their decryption utility.

“We have now taken the decision to put the last point in this story and to post all the decryption keys we have (over 750 thousand at all). We are also publishing our decryption software; we also hope that, with the keys, antivirus companies can issue their own more user-friendly decryption devices,” said the ransomware writers on GitHub.

The developers also say that other data relevant to the project, including the Trojan source code, has been lost.

“We apologize to all the victims of the Trojan and hope that the keys we have released will help them recover their data,” they add.

In addition, the ransomware authors published guidance on how victims can recover their files even without the aid of dedicated decryption software.

Victims are advised to wait for anti-malware firms to issue official decryption software for Shade-encrypted data; however, no details are available yet on when these applications will be accessible.
