Shade Threat Actors Call It Quits, Release 750K Encryption Keys

2020-04-30 12:17

The threat actors behind the Shade ransomware have called it quits, releasing 750,000 encryption keys on GitHub and publicly apologizing to victims affected by the malware.

User "Shade-team" posted four files on the code repository earlier this week, one containing the file keys and four "ReadMe" files with decryption instructions and other information.

These links and attachments then would lead to a Javascript or other script-based file that is designed to retrieve the Shade executable file.

Last year research from Palo Alto Networks' Unit 42 emerged that Shade's threat actors had expanded their scope outside of Russia with the majority of the ransomware's executables actually occurring in other countries.

When a Windows host became infected with Shade ransomware, its desktop background announced the infection, and then 10 text files would appear on the desktop, named README1.

News URL

https://threatpost.com/shade-threat-actors-call-it-quits-release-750k-encryption-keys/155335/

#encryption #threat