Ransomware Regret?

Ransomware is one of the most common and prevalent forms of malware that targets both personal and business computer systems. If you’re not familiar with it, ransomware holds data on your computer ransom by encrypting your files and only provides the decryption key if you pay a sum of money. Whether or not the attacker actually follows through after they get paid is an entirely separate concern. For further insight into what ransomware does and how to handle the forthcoming ransomware recovery, check out our post on responding to ransomware.

Recently, the creators of a strain of ransomware named Shade (also known as Troldesh or Encoder.858) released the decryption keys for their ransomware. This means that if you are, or have been, infected with the Shade ransomware variant, you may be able to recover your data.

The creators’ statement, made on their GitHub page, indicates that they may have had regret when it comes to the time, money, and stress that they have caused their victims. They apologized and provided the decryption information necessary to help recover data affected by the ransomware.

This is quite an interesting situation in that the bad guys are looking to help victims that they may have affected. It’s not often that you see this type of behavior in the cybersecurity world. Normally the good guys are trying to mitigate the actions of the bad guys, and when a solution to a problem is presented, it’s typically the ones playing defense that create it.

What this means for you

If you were infected by Shade ransomware and still haven’t recovered completely from it, this may be an opportunity to get your data back. If you were able to rise from the ashes of the ransomware incident, but some files were irrecoverable in the past, now is your chance to get that data back.

Unfortunately, this only covers one specific type of ransomware. There are many different variants out there, and the decryption process only applies to Shade variants.

Is this a sign of changing times?

Don’t get your hopes up. This isn’t likely to turn into an industry trend where the bad guys are reformed and want to help everyone out. Especially during the ongoing pandemic, ransomware and other attack methods have been increasing dramatically. The fact that more employees are working remotely, and fear of the unknown can create blind spots in one’s judgment, creates a perfect storm for attackers to get busy.

While these specific ransomware creators may be changing their tune, the rest of their peers aren’t. Security is becoming more and more critical to sustaining business operations than ever before. If you need help getting ahead of the curve or with ransomware recovery in general, we at Sikich are more than happy to step in.

This publication contains general information only and Sikich is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or any other professional advice or services. This publication is not a substitute for such professional advice or services, nor should you use it as a basis for any decision, action or omission that may affect you or your business. Before making any decision, taking any action or omitting an action that may affect you or your business, you should consult a qualified professional advisor. In addition, this publication may contain certain content generated by an artificial intelligence (AI) language model. You acknowledge that Sikich shall not be responsible for any loss sustained by you or any person who relies on this publication.

About the Author