The Shade ransomware developers on Monday announced that they had discontinued operations and released public decryption keys to allow victims to recover files free of charge.
Shade, also known as Troldesh and Encoder.858, has been present on the malware landscape since 2014. The Trojan was upgraded with backdoor capabilities in 2016 and was one of the most prevalent threats last year, with over 340 encryption file extensions (using AES-256).
Shade was spread predominantly via phishing emails with malicious ZIP files. Security researchers noticed last year that it was the most prevalent malware stored in secret “approved” directories of HTTPS pages.
Now, the developers of the ransomware state that they stopped spreading the malware at the end of last year and have decided to shut down and release over 750,000 decryption keys, along with the decryption utility.
“Now we made a decision to put the last point in this story and to publish all the decryption keys we have (over 750 thousands at all). We are also publishing our decryption soft; we also hope that, having the keys, antivirus companies will issue their own more user-friendly decryption tools,” the ransomware authors noted on GitHub.
The developers also say that other operating data, including the Trojan source code, have been lost.
“We apologize to all the victims of the trojan and hope that the keys we published will help them to recover their data,” they say.
The ransomware's developers also released guidance on how victims can retrieve their files without dedicated decryption tools.
Victims are advised to wait for anti-malware firms to release official decryption tools for Shade-encrypted files. However, no information is yet available on when these utilities will become available.