The Week in Ransomware – May 1st 2020

For the victims of the Shade Ransomware, otherwise known as Troldesh, this was an excellent week as the threat actors released over 750,000 decryption keys for their victims.

The Shade operators claimed to have shut down their operation at the end of 2019 and decided to release all of the master and individual decryption keys so that victims could recover their files for free.

Using these keys, Kaspersky has updated its ShadeDecryptor so that it can now decrypt any user who was encrypted by the Shade Ransomware in the past.

Other news this week includes a pharmaceutical company named ExecuPharm who filed a data breach notification after the actors behind the Clop Ransomware leaked stolen data

Other than that, it was just more releases of new variants of existing ransomware.

Contributors and those who provided new ransomware information and stories this week include: @DanielGallagher, @demonslay335, @malwrhunterteam, @struppigel, @FourOctets, @fwosar, @BleepinComputer, @serghei, @jorntvdw, @Ionut_Ilascu, @VK_Intel, @Seifreed, @LawrenceAbrams, @malwareforme, @PolarToffee, @emsisoft, @ValthekOn, @John_Fokker, @fbgwls245, @coveware, @James_inthe_box, and @Amigo_A_.

April 25th 2020

New COVID-19 themed Android Ransomware

MalwareHunterTeam found a COVID-19 themed Android ransomware infection that appends the .encrypted extension to encrypted files.

April 26th 2020

New Qewe STOP Ransomware variant

dnwls0719 found a new variant of the STOP ransomware that appends the the .qewe extension to encrypted files.

April 27th 2020

Shade Ransomware shuts down, releases 750K decryption keys

The operators behind the Shade Ransomware (Troldesh) have shut down their operations, released over 750,000 decryption keys, and apologized for the harm they caused their victims.

April 29th 2020

Coveware Q1 ransomware report

The Coveware ransomware marketplace report aggregates observed trends from enterprise ransomware incidents in Q1 of 2020. During the first quarter of 2020 ransomware threat actors took advantage of the economic and workplace disruption caused by the COVID-19 outbreak. Spam attacks related to the outbreak surged and seldom used ‘work-from-home’ network configurations led to increased ransomware attacks across the board. Some threat actor groups continued attacking healthcare organizations, while others refused to target them. Our report shows victim demographics and resolution metrics based on actual ransomware cases handled by the Coveware Incident Response team.

April 30th 2020

Clop ransomware leaks ExecuPharm’s files after failed ransom

Clop ransomware leaked files stolen from U.S pharmaceutical company ExecuPharm after ransom negotiations allegedly failed.

Shade Ransomware Decryptor can now decrypt over 750K victims

Kaspersky has released an updated decryptor for the Shade Ransomware (Troldesh) that allows all victims who have their files encrypted to recover them for free.

Tales From the Trenches; a Lockbit Ransomware Story

We believe there is real opportunity to learn from incident response cases and previous attacks, hence why this blog is dubbed ‘tales from the trenches’. In collaboration with Northwave, this article describes a real-life case of a targeted ransomware attack. During one of their recent incident responses, Northwave encountered a relatively new family of ransomware called LockBit performing a targeted attack. 

May 1st 2020

New phishing campaign packs an info-stealer, ransomware punch

A new phishing campaign is distributing a double-punch of a LokiBot information-stealing malware along with a second payload in the form of the Jigsaw Ransomware.


Emsisoft releases updated Jigsaw Ransomware decryptor

Emsisoft released an updated decryptor to support the .zemblax extension described in the previous article.

New Mpal STOP Ransomware variant

Michael Gillespie found a new variant of the STOP ransomware that appends the .mpal extension to encrypted files.

That’s it for this week! Hope everyone has a nice weekend!


Next Post

Mouse brains seen in unprecedented 3D detail, thanks to new staining technique | Science

Sat May 2 , 2020
Scientists imaged a mouse brain with a new staining method that can image up to four molecular targets at once (three targets shown above). RIKEN/Creative Commons By Dennis NormileMay. 1, 2020 , 11:15 AM Scientists studying brains and other organs and cancerous tumors have long tried to get detailed 3D views of […]