The operators behind the infamous Shade ransomware recently announced that they have shut down their operations. The hacker group released over 750,000 decryption keys and apologized for the damage they caused to victims. In a GitHub repository, the operators stated that they stopped distributing the ransomware and ceased other malicious activities at the end of 2019. They also provided instructions on how to decrypt and recover files using the released keys.
The Shade ransomware group, active since 2014, was considered one of the most dangerous threat actor groups. The group, also known as Troldesh and Encoder.858, attacked several organizations in Russia and Ukraine by distributing malware via spam phishing emails and malicious attachments.
“We are the team which created a trojan-encryptor mostly known as Shade, Troldesh or Encoder.858. In fact, we stopped its distribution in the end of 2019. Now we made a decision to put the last point in this story and to publish all the decryption keys we have (over 750 thousand at all). We are also publishing our decryption soft; we also hope that, having the keys, antivirus companies will issue their own more user-friendly decryption tools,” the hacker group said in a statement.
Along with the 750K individual victims' decryption keys, the repository also contained a decryptor, five master decryption keys, and instructions on how to use them. Some security researchers have confirmed the validity of the released keys and are working on creating a free decryption tool.
“All other data related to our activity (including the source codes of the trojan) was irrevocably destroyed. We apologize to all the victims of the trojan and hope that the keys we published will help them to recover their data,” the statement added.