Free Decryption Tools for Shade Ransomware Now Available

Threat Watch

Threat Watch Free Decryption Tools for Shade Ransomware Now Available

Free Decryption Tools for Shade Ransomware Now Available

After a relatively short wait, Bitdefender Labs and Kaspersky have released decryptors for the Shade ransomware for free. Both companies have pages dedicated to walking victims through the decryption process. Just over a week ago, the operators behind the Shade ransomware (also known as Troldesh) created a GitHub repository full of decryption keys for all of their victims. Included with this were over 750,000 keys from individual infections and five “master” keys. With all keys being made available, researchers have everything they need to create a decryptor for any victim to recover their files.

ANALYST NOTES

To recover files that have been encrypted by Shade, simply follow one of the links below to download the freely available tools released by Bitdefender Labs or Kaspersky. These tools may not be the only ones available and more may be released in the future. Each link will offer a download and a guide on how to recover encrypted files. Binary Defense highly recommends not deleting any of the encrypted files until after ensuring that they successfully decrypted and are usable.

Sources: https://labs.bitdefender.com/2020/05/shade-troldesh-ransomware-decryption-tool/

https://support.kaspersky.com/viruses/disinfection/13059#block1

The war in Ukraine and its impact on how China views Taiwan

Digging through Rust to find Gold: Extracting Secrets from Rust Malware

5 Critical Criteria for evaluating Managed Detection & Response (MDR)

How Ransomware Capabilities Are Evolving and What You Can Do to Keep Your Organization Secure

Threat Watch