Last weekend, the operators of the Shade ransomware (aka Troldesh) announced that their malware had finally been shut down, and published more than 750,000 file decryption keys on GitHub.
“We are the team that created the ransomware known as Shade, Troldesh or Encoder.858. In fact, we stopped distributing it at the end of 2019, and now we have decided to put an end to this story and publish all the decryption keys we have (more than 750,000 in total). We will also unveil our program for decrypting data.
We hope that with these keys antivirus companies will be able to release their own, more convenient decryption tools.
All other data related to our activities (including the source code of the Trojan) was permanently destroyed. We apologize to all the victims of the trojan and hope that the keys published by us will help them recover their data,” reads a brief statement from the malware operators, in which they do not explain why they ended their activities.
Information security specialists from Kaspersky Lab confirmed the authenticity of the published keys and said they are already working on a free tool to decrypt the affected data.
Until its operations ended at the end of 2019, Shade was considered one of the oldest and most active ransomware families: it was first discovered in 2014 and operated practically without interruption in all the years that followed.
It should be noted that experts at Kaspersky Lab and Intel Security (now McAfee) had previously released several free decryptors for this malware, but those tools worked only for some versions of Shade, the most recent of which dated from 2017.
Thus, the keys released now should help restore the data of all affected users, since they are suitable for all existing versions of the malware.