The malicious actors behind Shade ransomware made an unusual announcement on GitHub, not only publishing all 750,000 decryptor keys for the malware but apologizing for their criminal actions.

“We are the team which created a trojan-encryptor mostly known as Shade, Troldesh or Encoder.858. In fact, we stopped its distribution in the end of 2019." the operators purportedly posted. "All other data related to our activity (including the source codes of the trojan) was irrevocably destroyed. We apologize to all the victims of the trojan and hope that the keys we published will help them to recover their data."

Each key decryptor likely represents one attack making Shade particularly virulent during its time. The group gave no reason for its sudden change of heart and Shahrokh Shahidzadeh, CEO at Acceptto, said the reasoning doesn’t matter.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.