The operators behind Shade ransomware took to GitHub this week to announce they had shut down, issued an apology to their victims, and relinquished approximately 750,000 decryption keys in their possession.
On Thursday, Kaspersky Lab released an updated decryptor app that includes the newly-released keys and can unlock victims’ files for all versions of the Shade ransomware. Kaspersky researchers had previously developed a decryptor for older versions of Shade.
Shade, also known as Troldesh, was one of several early variants that drove the ransomware boom during the mid-2010s. First identified in 2014, Shade ransomware appeared to target predominantly European countries, including the U.K. Although the shutdown statement was made on April 26, Shade operators said they had actually stopped distribution at the end of 2019.
“All other data related to our activity (including the source codes of the trojan) was irrevocably destroyed,” the group said in its statement on GitHub. “We apologize to all the victims of the trojan and hope that the keys we published will help them to recover their data.”
