Shade Ransomware Botnet Taken Down

The Shade Ransomware botnet has been taken down and new ransomware decryption tools have now been released to help victims recover their files.

The takedown was a joint effort by Intel Security, Kaspersky Lab, Europol, and the National High Tech Crime Unit (NHTCU) of the Dutch police.

Shade ransomware first appeared in 2014 and has been primarily used to infect individuals in Eastern and Central Europe. Shade ransomware was delivered via malicious files sent in spam email, although the ransomware was also added to exploit kits which performed drive-by downloads via malicious websites. Many individuals downloaded the ransomware and were forced to pay the ransom or lose their files.

Shade Ransomware Decryption Tools Developed

The command and control servers used by the actors behind the ransomware have now been shut down. Master encryption keys have also been captured and used by Intel Security and Kaspersky Lab to develop decryption tools. The tools can be downloaded from the recently set up “No More Ransom” website. Rather than charging for the decryption tools, both companies are providing them for free. The decryption tools are effective against versions 1 and 2 of Shade ransomware.

The fight against ransomware cannot be conducted by companies in isolation. Improved collaboration is necessary in order to tackle the growing threat from ransomware. Government organizations, local law enforcement teams, Computer Emergency Response Teams, and private sector companies are being encouraged to work together to tackle the growing ransomware problem.

New Ransomware Initiative Launched

The No More Ransom project is an initiative that, it is hoped, will prove effective in the fight against organized cybercrime. The new website provides advice on ransomware prevention and best practices to adopt to reduce the risk of infection.

Developers of the new resource hope the site will help to improve intelligence sharing and will educate businesses and the general public about the threat of ransomware.

In a recent blog post, EMEA CTO for Intel Security, Raj Samani, explained that the No More Ransom project “goes beyond intelligence sharing, consumer education, and takedowns to help repair the damage inflicted upon victims.” Samani went on to say, “By restoring access to their systems, we empower users by showing them they can take action and avoid rewarding criminals with ransom payments.”

Making ransomware less profitable for cybercriminals is essential. Some ransomware campaigns have netted cybercriminal gangs vast sums of money. A report issued by the Cyber Threat Alliance in 2015 indicated that version 3 of CryptoWall resulted in ransom payments of $325 million. With profits as high as that, it is no surprise that so many individuals are willing to get in on the act.

McAfee Labs figures confirm the extent of the problem. Between Q4 2015 and Q1 2016, ransomware infections increased by 26%, while a rise of 116% was reported for the year up until March 31, 2016.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of