LTS Secure Warning: Shade Ransomware Being Utilized To Cripple Various Sectors Around The World

Shade ransomware, also known as Troldesh, was first detected in 2014 and belongs to a ransomware family that targets devices running Microsoft Windows. It has mainly been observed striking the high-tech, wholesale and education sectors in countries including the United States, Canada, India, Japan and Thailand.


Technical Details

Shade has been around since 2014 and is spread through malspam campaigns. The attachment is usually a ZIP archive, presented to the recipient as something urgent that has to be opened immediately. Once downloaded and opened, a JavaScript file inside the archive executes and downloads the malicious payload, the Shade ransomware itself. The payload is usually hosted on compromised websites running a content management system (CMS), so the download URL frequently points at an otherwise legitimate but hijacked site rather than at obviously malicious infrastructure.
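The delivery chain above (a ZIP attachment carrying a JavaScript downloader) is exactly what a mail gateway or endpoint script can screen for before a user ever double-clicks the file. The following is an added example written for this page, not code from LTS Secure or from any Shade sample: it inspects a ZIP archive and flags members whose final extension is a directly executable script type, and separately notes double extensions such as `.pdf.js` that disguise a script as a document. The sample archive, the member names and the script bodies are constructed here and are inert placeholders, not real lure content.

```python
import io
import zipfile

# Extensions that Windows Script Host or the shell will execute directly when
# a user double-clicks them. The page describes a JavaScript (.js) downloader;
# the other entries are the usual siblings seen in the same kind of lure.
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta", ".cmd", ".bat", ".ps1"}

# Harmless-looking document extensions used as the first half of a double
# extension such as "invoice.pdf.js" (assumed list, extend as needed).
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}


def suspicious_members(zip_bytes: bytes) -> list[tuple[str, str]]:
    """Return (member name, reason) pairs for ZIP members worth blocking.

    A malformed archive is reported as a finding too, so a gateway using this
    check fails closed instead of waving through something it cannot parse.
    """
    findings: list[tuple[str, str]] = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return [("<archive>", "not a valid ZIP archive")]
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            name = info.filename
            # Look only at the base name, lower-cased, split on dots.
            parts = name.lower().rsplit("/", 1)[-1].split(".")
            if len(parts) < 2:
                continue
            final_ext = "." + parts[-1]
            if final_ext not in SCRIPT_EXTENSIONS:
                continue
            if len(parts) >= 3 and "." + parts[-2] in DECOY_EXTENSIONS:
                decoy = "." + parts[-2]
                findings.append((name, f"script with decoy double extension {decoy}{final_ext}"))
            else:
                findings.append((name, f"executable script {final_ext}"))
    return findings


def should_quarantine(zip_bytes: bytes) -> bool:
    """True if the attachment contains anything suspicious_members() flags."""
    return bool(suspicious_members(zip_bytes))


def build_sample_attachment() -> bytes:
    """Constructed sample resembling the malspam lure described above.

    Member names and contents are placeholders, not material from a real sample.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("Invoice_2019.pdf.js", "// placeholder; a real lure would fetch the payload here\n")
        archive.writestr("details/readme.txt", "Please open the attached invoice immediately.\n")
        archive.writestr("scan.wsf", "<job><script language='JScript'></script></job>\n")
    return buf.getvalue()


def build_clean_attachment() -> bytes:
    """Constructed benign archive used to show the check does not over-fire."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("report.pdf", "%PDF-1.4 placeholder\n")
        archive.writestr("notes/summary.txt", "nothing to see here\n")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_attachment()
    for member, reason in suspicious_members(sample):
        print(f"{member}: {reason}")
    print("quarantine:", should_quarantine(sample))
    print("quarantine (clean):", should_quarantine(build_clean_attachment()))
```

Extension matching is a cheap first filter, not a complete defence: a downloader can also arrive as a macro-enabled document or an ISO image, and Windows Explorer hides the final extension by default, which is precisely why the `.pdf.js` trick works on users. Pair this with the AppLocker restrictions in the Recommended Actions section so a script that does slip through cannot run from a user-writable location.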

Once deployed, the ransomware starts encrypting the files on the victim's device using AES-256 in CBC mode. When encryption finishes, it drops multiple README text files across the device. All of them carry the same message: the instructions the victim is told to follow to decrypt the files. For responders, the presence of these identical ransom notes alongside renamed, unreadable files is a quick way to confirm the infection and scope which hosts and shares were reached.


Impact

  • Downtime in business-critical operations.
  • Damage to the held-hostage systems, data and files.
  • Operational and financial loss to the business or individual.


Recommended Actions

  • Keep devices up to date with the latest patches.
  • Regularly update antivirus software and run malware scans so that newly identified threats are caught.
  • Do not open emails or attachments from unknown senders; treat ZIP attachments containing script files (.js and similar) as hostile by default, since that is how this campaign delivers its downloader.
  • Harden endpoints with appropriate Group Policy Objects (GPO) and AppLocker rules in Microsoft environments, for example to prevent Windows Script Host from running scripts launched from user-writable locations such as Downloads or Temp.
  • Take system backups at regular intervals and keep at least one copy offline or otherwise unreachable from the endpoint, so it cannot be encrypted along with the live data.