It was a great week for the victims of Shade Ransomware, also known as Troldesh, as the killer’s actors released more than 750,000 decryption keys for their victims.

The Shade operators said they had stopped their work at the end of 2019 and decided to release all important keys and individual decryption keys so the victims could retrieve their files for free.

Kaspersky used these keys to update his ShadeDecryptor so that it can now decrypt any user who has been encoded with Shade ransomware in the past.

Also in this week’s news is the pharmaceutical company ExecuPharm, which filed a data breach complaint after the sponsors of Clop Ransomware revealed stolen data.

Moreover, these were only new versions of the existing ransom money.

The authors and those who have provided new information and stories about this week’s ransom are Daniel Gallagher, @demonslay335, @malwrhunterteam, @struppigel, @FourOctets, @fwosar, @BleepinComputer, @serghei, @jorntvdw, @Ionut_Ilascu, @VK_Intel, @Seifreed, @LawrenceAbrams, @malwareforme, @PolarToffee, @emsoft, @ValthekOn, @John_Fokker, @fbgwls245, @Lawveware, @James_inthe_box and @Amigo_A_.

25. April 2020

New COVID-19 Android Ransomware Theme

MalwareHunter’s team discovered COVID-19, a thematic Android buy-out infection which adds an .encrypted extension to encrypted files.

26. April 2020

New Qewe STOP put option

dnwls0719 have found a new STOP redemption option that adds the .qewe extension to encrypted files.

27. April 2020

Shadow Ransomware is switched off, releases 750K decryption key

The operators behind Shade Ransomware (Troldesh) stopped work, released more than 750,000 decryption keys and apologized for the damage they caused to their victims.

29. April 2020

Forgery software Q1 Refund report

Coveware’s report on the reimbursement market provides an overview of the trends in corporate reimbursement incidents in the first half of 2009. The two companies will meet in the second quarter of 2020. In the first quarter of 2020, entities threatened with ransom have benefited from the economic and production factors caused by the emergence of COWID-19. The frequency of outbreak-related spam attacks has increased and rarely used network configurations have led to an increase in ransom attacks on the network. Some groups of threat actors continued to attack health organisations, while others refused to attack them. Our report presents the demographics of the victims and the resolution rates based on the actual repurchase cases handled by Coveware’s incident team.

30. April 2020

Clop ransomware revealed ExecuPharm files after failed acquisition

Clop ransomware disclosed stolen files to the U.S. pharmaceutical company ExecuPharm after the alleged failure of the ransom negotiations.

Shadow Ransomware Decryptor can now decipher more than 750K casualties

Kaspersky has released an update of the decryptor for Shade Ransomware (Troldesh), allowing all victims who have encrypted files to retrieve them for free.

Slot stories; Limitations on redemption

We believe that there is a real opportunity to learn from examples of reactions to incidents and attacks from the past, hence the name of this blog Trench Tales. In collaboration with Northwave, this article describes a real case of a targeted ransom attack. In a recent incident, Northwave came across a relatively new family of ransom demands, called LockBit, carrying out a targeted attack.

1. May 2020

New packaging for the Infoprotectant anti-phishing campaign, Buyout Punch

The new phishing campaign divides the double exchange of malware to steal information about LokiBot and a second payload under the name Jigsaw Ransomware.


Emsisoft releases an update of the Jigsaw Ransomwaredecoder.

Emsisoft has released an update for Decryptor which supports the .zemblax extension described in the previous article.

New repurchase option Mpal STOP

Michael Gillespie has found a new version of the ransom software STOP which adds the .mpal extension to encrypted files.

It’s the big day this week! I hope everyone has a great weekend!michael gillespie ransomware,id ransomware,ransomware decryptor,ransomware download,ransomware website,ransomware signatures,ransomware forum,ransomware hashes