- Joined
- May 15, 2016
- Messages
- 14,127
- Likes
- 2,643
- Points
- 1,730
The developers of the Shade ransomware virus, also known as Troldesh, have made publicly available over 750 thousand keys with which victims of their attacks can decrypt their files.
In their appeal, hackers said that they had stopped the malware spreading campaign at the end of 2019 and now decided to “put an end to this story.” In addition to the keys, they published their own program for decrypting data.
“We hope that with these keys antivirus companies will be able to release their own, more convenient decryption tools. All other data related to our activities, including the source codes of the Trojan, were permanently destroyed. We apologize to all the victims of the trojan and hope that the keys published by us will help them recover their data. ”
The authenticity of the keys has already been confirmed by Kaspersky Lab experts. Now they are working on a free tool for recovering ransomware-encrypted files.
#Shade #Troldesh # Encoder.858 #ransomware just dropped all keys to public https://t.co/KhmrMJOieZ decryption tools will be available ASAP!
- Sergey @ k1k_ Golovanov (@ k1k_) April 27, 2020
The Troldesh virus was first detected in 2014. One of the last mass infections by him occurred in March 2019. Then large Russian banks and retail chains began to receive letters allegedly on behalf of airlines, car dealers and the media with proposals for a deal.
The letters contained a password-protected archive, upon opening of which the files on the victim’s device were encrypted, and hackers demanded a ransom for their unlocking.
In June 2019, a cryptocurrency miner was added to the functionality of the virus.
Source: forklog.com
In their appeal, hackers said that they had stopped the malware spreading campaign at the end of 2019 and now decided to “put an end to this story.” In addition to the keys, they published their own program for decrypting data.
“We hope that with these keys antivirus companies will be able to release their own, more convenient decryption tools. All other data related to our activities, including the source codes of the Trojan, were permanently destroyed. We apologize to all the victims of the trojan and hope that the keys published by us will help them recover their data. ”
The authenticity of the keys has already been confirmed by Kaspersky Lab experts. Now they are working on a free tool for recovering ransomware-encrypted files.
#Shade #Troldesh # Encoder.858 #ransomware just dropped all keys to public https://t.co/KhmrMJOieZ decryption tools will be available ASAP!
- Sergey @ k1k_ Golovanov (@ k1k_) April 27, 2020
The Troldesh virus was first detected in 2014. One of the last mass infections by him occurred in March 2019. Then large Russian banks and retail chains began to receive letters allegedly on behalf of airlines, car dealers and the media with proposals for a deal.
The letters contained a password-protected archive, upon opening of which the files on the victim’s device were encrypted, and hackers demanded a ransom for their unlocking.
In June 2019, a cryptocurrency miner was added to the functionality of the virus.
Source: forklog.com