The hackers, creators of the Shade (or Troldesh) malware, decided to stop their activity, and to prove it, they put 750,000 decryption keys online to allow victims of their ransomware to regain access to their data.
"Your PC is infected with a virus and your data is no longer accessible. To regain access, please make a transfer to this account." This is roughly how ransomware (or "rançongiciel" in French) presents itself: a type of malware that blocks a corporate network or an individual's computer and demands a ransom to unlock it. One of the best known and oldest is Shade (or Troldesh), and since 2014 it has claimed thousands of victims, mainly in Russia and Ukraine.
But we must now talk about it in the past tense, since its creators have just announced on GitHub that they have decided to "put an end to this story". The hackers apologize "to all the victims of the Trojan horse" and "hope that the keys released will help them recover their data". So these hackers do have a heart after all: they have put 750,000 decryption keys online, allowing victims of the ransomware to unlock their computers.
Antivirus vendors to integrate decryption keys
Is it a bluff? Not at all, Sergey Golovanov, an expert at the antivirus vendor Kaspersky, told BleepingComputer. He verified that the keys put online were indeed authentic and functional, using a Shade-infected test machine to do so. Kaspersky also announced that it had integrated these hundreds of thousands of keys into its anti-ransomware tool to make it easier to disinfect infected computers.
The authors of Shade also put their own decryption software online to help victims recover their data. They are also relying on antivirus vendors, such as Kaspersky, to integrate their tool and thus ensure that as many people as possible can obtain redress.