Troldesh ransomware (also known as Shade or Encoder.858), which has been circulating since 2014, has gradually declined in activity since the end of 2019. Most ransomware was created in Russia and spread all over the world.
Researchers responsible for maintaining the ransomware feedback report list said that the ransomware's activity has gradually declined since the end of last year, but no one knows why.
Now the developers of Troldesh have revealed the answer. The hacker team behind the ransomware issued a statement saying that it will no longer develop or maintain this ransomware.
The account named ShadeTeam claims to be the development and operation team of this ransomware. The team has released 750,000 decryption keys on GitHub.
In the same statement, the account also apologized to the victims. Affected users can use the decryption keys to restore files previously encrypted by this ransomware.
The hacker team said it hopes that security software developers can use these keys to build decryption tools that make it easier for victims to decrypt their files.
Although the hacker team did not specify the number of victims, judging by the decryption keys, it is conservatively estimated that the victims should have exceeded one million in recent years.
Although the hacker team has provided a simple decryption tool, the tool is very difficult to use, mainly because this ransomware does not use a unified decryption key.
However, Kaspersky has confirmed that these keys are valid, and the company is developing a decryption tool that is easy for users to use. The release date is not yet known.
Therefore, at this stage, we can only remind you that if you are infected by this ransomware, don't rush to reinstall the system or delete the encrypted files.
Once major security companies have developed dedicated decryption tools based on the decryption keys, decrypting files directly with those tools will be much easier.