Shade ransomware sees an enormous growth in activity by using malware spam attacks
Shade ransomware is an encryption ransomware infection. It is specifically built to take the victim's device hostage, corrupting or encrypting the victim's data and then demanding ransom money from its victims to restore these files. PC experts state that you should avoid paying to restore these files, as there is no guarantee the attacker will restore them, and even if they do, paying encourages them to keep targeting you as their victim.
Recently, cybercriminals have started to use malware spam attacks to gain access to the victim's device. Researchers at Avast confirmed the rise in Shade ransomware activity and claimed the attacks specifically targeted Mexico and Russia.
These recent attacks are not only installing ransomware through malware spam, but they are also capable of mining cryptocurrencies and driving traffic to certain websites for ad revenue.
Cyber security specialists from Singapore investigated malware spam e-mails sent in the first half of 2019, and over fifty percent of the malware sent was Shade ransomware. Shade ransomware is topping the charts as the most commonly used malware at the moment.
Shade ransomware is known for working through Tor C2 servers, which makes the attack hard to trace back and defeat. Also known as Troldesh, it is sold or rented through malware markets on the web. Cybercriminals send these malware-infected attachments or links through e-mail during business hours, increasing the likelihood of infecting computers. In the first half of 2019, seventy-one percent of Shade ransomware was sent through attachments, and twenty-nine percent was sent through links. Ransomware attacks have more than tripled since 2018.
Group-IB reported in early June 2019 that Shade ransomware grew in number in the first quarter, with more than 1,100 phishing emails infected with Troldesh; that number then saw an even greater increase, to 6,000 in the second quarter.
Troldesh also has the capability to drive traffic to certain websites to generate ad revenue and to mine cryptocurrencies, and it has a trait that distinguishes it from other ransomware: it drops readme#.txt files containing the attacker's contact information on the attacked system, Malwarebytes said.
“Otherwise, it employs a classic attack vector that relies heavily on tricking uninformed victims. Nevertheless, it has been quite successful in the past, and in its current wave of attacks.”
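The numbered readme#.txt notes described above give defenders something concrete to hunt for on a file server or endpoint. The following is an added example (not code from the article or from any of the vendors it cites): it walks a directory tree, flags any folder holding a series of numbered readme notes, and runs against a constructed sample tree. The file-name pattern, the threshold of two notes per folder and the sample note text are assumptions for the demonstration.

```python
import os
import re
import tempfile
from collections import defaultdict

# Ransom-note names of the form readme<number>.txt (case-insensitive), the
# naming pattern the article attributes to Troldesh/Shade.
NOTE_NAME = re.compile(r"^readme\d+\.txt$", re.IGNORECASE)


def find_ransom_note_dirs(root, min_notes=2):
    """Walk `root` and return {directory: [note filenames]} for every directory
    holding at least `min_notes` numbered readme notes. A lone README1.txt is
    common in legitimate software, so a series of them is the stronger signal."""
    hits = defaultdict(list)
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if NOTE_NAME.match(name):
                hits[dirpath].append(name)
    return {d: sorted(n) for d, n in hits.items() if len(n) >= min_notes}


def build_sample_tree():
    """Constructed sample tree (not real malware output): one directory that
    looks like a Shade drop (several numbered notes) and one benign directory."""
    root = tempfile.mkdtemp(prefix="shade_demo_")
    infected = os.path.join(root, "Documents")
    benign = os.path.join(root, "project")
    os.makedirs(infected)
    os.makedirs(benign)
    for i in range(1, 4):
        with open(os.path.join(infected, f"README{i}.txt"), "w") as f:
            f.write("Your files are encrypted. Contact: attacker@example.invalid\n")
    with open(os.path.join(benign, "README1.txt"), "w") as f:
        f.write("Build instructions for the project.\n")
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    for d, notes in find_ransom_note_dirs(root).items():
        print(f"possible ransom-note drop in {d}: {', '.join(notes)}")
```

Point `find_ransom_note_dirs` at a user profile or file share instead of the sample tree to use it as a quick triage check; pair the hit with the file contents to recover the contact details the note carries.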
Avast has stated that Russia and Mexico are specifically targeted, but Germany and the U.K. are at risk too.