Shade ransomware calls it a day, 750,000 decryption keys released

Shade ransomware calls it a day, 750,000 decryption keys released

Don’t ever give up hope that you’ll never get back the data encrypted on your computer by a ransomware infection.

Even if you aren’t prepared or able to pay the extortionists’ ransom, even if you don’t have a secure backup, there might still be a glimmer of hope.

For instance, news comes this week that the criminals behind the Shade ransomware not only decided to stop spreading their attacks at the end of last year, but they have also now released over 750,000 decryption keys to help victims restore their precious data.

Sign up to our free newsletter.
Security news, advice, and tips.

In a GitHub post, the so-called Shade Team announced that they were also publishing the source code for their decryption tools, in the hope that others might create their own easier-to-use decryption tools to help regular users.

Shade message

“We are the team which created a trojan-encryptor mostly known as Shade, Troldesh or Encoder.858. In fact, we stopped its distribution in the end of 2019. Now we made a decision to put the last point in this story and to publish all the decryption keys we have (over 750 thousands at all). We are also publishing our decryption soft; we also hope that, having the keys, antivirus companies will issue their own more user-friendly decryption tools. All other data related to our activity (including the source codes of the trojan) was irrevocably destroyed.”

In a tweet Kaspersky security researcher Sergey Golovanov confirmed that the decryption keys worked as advertised.

Quite what spurred this change of heart is unclear, but it’s certainly refreshing to hear a ransomware gang apologise to the many innocent people who will have suffered after their computers were hit:

We apologize to all the victims of the trojan and hope that the keys we published will help them to recover their data.

Reading the decryption instructions published by the Shade Team it’s clear that not everyone will feel comfortable undertaking the process, and may find it better to ask a geeky friend to assist them. Let’s hope that researchers will be able to create easy-to-use tools soon that will help innocent victims recover data that they might have imagined they would never see again.

And there’s a lesson for all of us – never give up hope. Even if you can’t pay the ransom and don’t have a backup, don’t destroy your garbled data believing that you’ll never be able to recover it. Maybe one day someone will build a tool that can do a job, or a ransomware gang will have a change of heart.

Now if we can just stop ransomware gangs infecting health services we would really be making some progress…

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

2 comments on “Shade ransomware calls it a day, 750,000 decryption keys released”

  1. Horatiu Petrescu

    I personally think this might be a bit too late for the companies. It's been months already so I assume they either lost a lot of money (or their business) in the process, or restored their systems from backups immediately.
    And although the first impression is to say they did a good things, I think this is a similar reaction as in Stockholm Syndrome.

  2. Cooper

    keys are gone (404)

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.