The operators behind the Shade Ransomware (Troldesh) have shut down their operations, released over 750,000 decryption keys, and apologized for the harm they caused their victims.
The Shade Ransomware has been in operation since around 2014. Unlike other ransomware families that specifically avoid encrypting victims in Russia and other CIS countries, Shade targets people in Russia and Ukraine predominantly.
According to Michael Gillespie, the creator of the ransomware identification site ID Ransomware, submission related to the Shade Ransomware has been steady over the years until the end of 2019 when it started to dwindle.
Facts in a nutshell:
- Keys and decrypter released here: github.com/shade-team/keys
- The decrypter is not user friendly. So Kaspersky will be updating its RakhniDecryptor with the keys.