The Shade has been present on the malware landscape since 2014, also named Troldesh and Encoder.858. The Trojan has been upgraded with backdoor capabilities in 2016 and was one of the most prevalent threats last year, with over 340 encryption file extensions (Using AES 256). Shade was spread predominantly via phishing emails with malicious ZIP files. Security researchers noticed last year that it was the most prevalent malware stored in secret “approved” directories of HTTPS pages. Now, the developers of the ransomware state that at the end of the past year, they finally stopped spreading malware and planned to shop and release over 750,000 decryption keys, along with the decryption utility. The developers also say that other operating data, including the Trojan source code, have been lost. Also, the developers of ransomware released guidance on how victims can retrieve their files without dedicated decryption instruments. Victims are advised to wait for anti-malware firms to release official decryption tools for Shade encrypted files. Still, the information is not yet available on when these utilities are accessible.
