Hello, world!

This was a big week for ransomware news and analysis! Let’s start with Shade team’s GitHub dump and go from there!

Decryption keys from Shade

A group of individuals asserting to be responsible for the Shade strain of ransomware uploaded decryption keys and information on GitHub in the repository shade-team/keys.

The repo includes a fairly detailed README that concludes with a helpful note for those seeking to recover files encrypted by Shade ransomware:

If you have any difficulties we advice you to wait until the antivirus companies release more convenient utilities for the decryption. Or you can ask for the free help on one of the thematic forums.

Shade Decryptors

Per NoMoreRansom.org, both Kaspersky and McAfee have released decryptors. Infosec Twitter asserts that the decryptors work as expected.

Microsoft on Ransomware

Microsoft’s Threat Protection Intelligence Team has another excellent blog post about ransomware group techniques, including some comparisons between crews such as Maze, REvil/Sodinokibi and NetWalker:

READ Ransomware groups continue to target healthcare, critical services; here’s how to reduce risk

Ransomware Round-Up


Ransomware and BTC Tokens


Ransomware Tweet of the Week


Q: How do you say “ransomware” in Russian?

A: программы-вымогателя

The site context.reverso.net includes the English and Russian translations for several phrases including the term ransomware.