Hello, world!
This was a big week for ransomware news and analysis! Let’s start with Shade team’s GitHub dump and go from there!
Decryption keys from Shade
A group of individuals claiming to be responsible for the Shade strain of ransomware uploaded decryption keys and related information to GitHub in the repository shade-team/keys.
The repo includes a fairly detailed README that concludes with a helpful note for those seeking to recover files encrypted by Shade ransomware:
If you have any difficulties we advise you to wait until the antivirus companies release more convenient utilities for the decryption. Or you can ask for free help on one of the thematic forums.
Shade Decryptors
Per NoMoreRansom.org, both Kaspersky and McAfee have released decryptors. Infosec Twitter asserts that the decryptors work as expected.
Microsoft on Ransomware
Microsoft’s Threat Protection Intelligence Team has another excellent blog post about ransomware group techniques, including some comparisons between crews such as Maze, REvil/Sodinokibi and NetWalker:
Read: Ransomware groups continue to target healthcare, critical services; here’s how to reduce risk
Embedded tweet: 1255167365152739329
Ransomware Round-Up
- WIRED: The Covid-19 Pandemic Reveals Ransomware’s Long Game
- LockBit, the new ransomware for hire: a sad and cautionary tale
- Clop ransomware leaks ExecuPharm’s files after failed ransom
- Lucy malware for Android adds file-encryption for ransomware ops
- Ransomware mentioned in 1,000+ SEC filings over the past year | It looks like we are not the only ones poking around SEC filings for ransomware references.
- The Many Paths Through Maze | This is an excellent blog post from CrowdStrike that provides insight into their approach to reversing Maze ransomware samples.
/etc
Ransomware and BTC Tokens
Ransomware Tweet of the Week
Embedded tweet: 1255147810594287617
FIN
Q: How do you say “ransomware” in Russian?
A: программы-вымогателя
The site context.reverso.net includes the English and Russian translations for several phrases including the term ransomware.