
Shade8 Ransomware

Cyber crooks' interest in ransomware threats is ever-growing. While some very capable individuals have no trouble building file-locking Trojans from scratch, others tend to reuse code that is already available. This is the case with the newly uncovered Shade8 Ransomware.

The Encryption Process

After spotting this new data-encrypting Trojan, malware experts concluded that it is a variant of the popular HiddenTear Ransomware. The good news is that, because the cybercriminals behind the Shade8 Ransomware used the open-source builder toolkit of the HiddenTear Ransomware and barely bothered changing the code, this threat is decryptable. If the Shade8 Ransomware manages to compromise your system, it will scan your files. Once it has located the files it is looking for, the Shade8 Ransomware will begin the encryption process, which will lock all marked files. The Shade8 Ransomware adds a '.shade8' extension to all the encrypted files. For example, an audio file called 'dream.mp3' will be renamed to 'dream.mp3.shade8'.

The Ransom Note

In the next phase of the attack, the Shade8 Ransomware will drop its ransom note on the victim's desktop. The note is called 'READ_THIS.txt'. The Shade8 Ransomware will also set a new image as the background, which can also be considered a ransom message. The note and the image both state that the user has to get in touch with the attackers via email – '4shadow@protonmail.com'.

If you are one of the hapless victims of the Shade8 Ransomware, you can use the publicly available decryption tool called 'HiddenTear Decryptor' to unlock all the affected data. However, be sure to download and install a reputable anti-virus software suite so that you do not end up in a similar situation in the future, because next time you may not be lucky enough to have a free decryption tool to take care of the problem.
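
Before attempting recovery, it helps to know exactly which files were hit. The sketch below inventories a directory tree using the two markers described above, the '.shade8' suffix and the 'READ_THIS.txt' note. It is an added example, not code from the original article or from any decryption tool; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

ENCRYPTED_SUFFIX = ".shade8"   # extension the article says is appended
RANSOM_NOTE = "READ_THIS.txt"  # ransom note name given in the article


def inventory(root):
    """Walk `root` and report files carrying the Shade8 markers."""
    report = {"encrypted": [], "notes": [], "bytes": 0, "already_restored": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            lowered = name.lower()
            if lowered == RANSOM_NOTE.lower():
                report["notes"].append(str(path))
            elif lowered.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                # Strip the appended suffix to recover the original file name.
                original = path.with_name(name[: -len(ENCRYPTED_SUFFIX)])
                report["encrypted"].append((str(path), original.name))
                report["bytes"] += path.stat().st_size
                # A clean copy beside the locked one (e.g. from a backup)
                # means this file does not need decrypting.
                if original.exists():
                    report["already_restored"].append(str(original))
    report["encrypted"].sort()
    return report


def demo():
    """Scan a constructed sample tree (hypothetical file names and contents)."""
    with tempfile.TemporaryDirectory() as tmp:
        desktop, music = Path(tmp, "Desktop"), Path(tmp, "Music")
        desktop.mkdir()
        music.mkdir()
        (desktop / RANSOM_NOTE).write_text("constructed note")
        (music / "dream.mp3.shade8").write_bytes(b"\x00" * 32)
        (music / "notes.txt.shade8").write_bytes(b"\x00" * 16)
        (music / "notes.txt").write_text("restored copy")
        (music / "clean.mp3").write_bytes(b"ok")
        return inventory(tmp)


if __name__ == "__main__":
    result = demo()
    print(f"{len(result['encrypted'])} encrypted files, {result['bytes']} bytes")
    for locked, original in result["encrypted"]:
        print(f"  {locked} -> {original}")
    print("ransom notes:", result["notes"])
```

Run `inventory()` against a copy or read-only mount of the affected volume so the scan itself does not alter the evidence.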
