Threat Watch

Free Decryption Tools for Shade Ransomware Now Available

After a relatively short wait, Bitdefender Labs and Kaspersky have released free decryptors for the Shade ransomware. Both companies have pages dedicated to walking victims through the decryption process. Just over a week ago, the operators behind the Shade ransomware (also known as Troldesh) created a GitHub repository full of decryption keys for all of their victims. The repository included over 750,000 keys from individual infections and five “master” keys. With all keys now available, researchers have everything they need to create a decryptor that lets any victim recover their files.

ANALYST NOTES

To recover files that have been encrypted by Shade, follow one of the links below to download the freely available tools released by Bitdefender Labs or Kaspersky. These tools may not be the only ones available, and more may be released in the future. Each link offers a download and a guide on how to recover encrypted files. Binary Defense highly recommends not deleting any of the encrypted files until confirming that they were successfully decrypted and are usable.

Sources: https://labs.bitdefender.com/2020/05/shade-troldesh-ransomware-decryption-tool/

https://support.kaspersky.com/viruses/disinfection/13059#block1