Some good news in the ransomware world, which is so rare these days.
The Shade (Troldesh) ransomware group has retired and is shutting down. When do you ever hear that a ransomware group is shutting down? According to reports, Shade has publicly announced that it is retiring (apparently it has made enough money to do so) and is releasing 750,000 decryption keys for victims to get their data back.
Kaspersky Lab is reported to be developing a tool to assist with the decryption for those who have files that were decrypted in the past. If businesses were affected by Troldesh and still have the database that was encrypted, they may be able to use the tool to decrypt and recover the data that were lost.
In retiring, Shade said “We apologize to all the victims of the trojan and hope that the keys we published will help them to recover their data.” But they aren’t returning all of the money that they stole from victims.