Level 52
Content Creator
Malware Hunter
Shade, a ransomware known to target Russian victims, has been spotted in several recent campaigns scoping out new locations – including in the U.S. and Japan.

“In fact, our research shows that the top five countries affected by Shade ransomware are not Russia or nations of the former Soviet Union; they are the United States, Japan, India, Thailand, and Canada,” said Brad Duncan, researcher with Palo Alto Networks’ Unit 42 group in a Wednesday analysis.
The Shade ransomware is spread through malspam emails. In a recent February 2019 campaign for instance, the emails touted a link to an archive, archive attachment or attached PDF with a link to an archive, disguised as an invoice or bill.
These links and attachments lead to a Javascript or other script-based file that is designed to retrieve the Shade executable file.