The ransomware known as Shade has traditionally been targeted at Russia, but is now being seen targeting the US and other nations. Shade has been around since 2014 and researchers found that the coding is very similar to the original. The US, Japan, India, Canada, and Thailand appear to be the newly targeted countries which indicates that Russian users have developed patches to easily fix the virus. Now cybercriminals must expand their operations to try to generate new revenue streams. The Shade ransomware is distributed through spam emails that have a link to an attachment which is disguised as a bill of some sort. Once the attachment is clicked, the ransomware executes and begins to encrypt the user’s files. The ransomware then creates a new home screen that displays the ransom note and an email address that the user must contact to pay the ransom.
Analyst Notes
Shade is another example of why users should have secure backups of all their files. Creating backups on an external device is the number one way to fix ransomware without paying the ransom. Users should also practice basic cybersecurity by not opening unknown or suspicious email attachments. If emails are received that look suspicious then it should be deleted immediately.
