Shade ransomware, also known as Troldesh, has been targeting hosts running Microsoft Windows since 2014. Distributed through Russian-language as well as English-language malspam campaigns and exploit kits, Shade ransomware encrypts files on the infected computer and appends the extension .crypted000007 to the name of each encrypted file.
When a Windows host is infected with Shade ransomware, its desktop background announces the infection, and ten text files named README1.txt through README10.txt appear on the desktop, as shown in Figure 1.
These readme text files are the ransom notes as shown below:
Shade ransomware's most frequent victims fall under the High Tech category in many countries, including the U.S., Japan, India, Thailand, and Canada.
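The on-host artifacts described above (the .crypted000007 extension and the ten README1.txt through README10.txt notes) can be checked for during triage of a live profile or a mounted disk image. The following Python script is an added example, not code from the original article; the function names, the verdict labels and the sample directory tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

ENCRYPTED_EXT = ".crypted000007"  # extension named in the article
NOTE_RE = re.compile(r"^README(\d+)\.txt$", re.IGNORECASE)  # README1..README10


def scan_for_shade(root):
    """Walk `root` and collect the Shade artifacts the article describes."""
    encrypted, notes_by_dir = [], {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(ENCRYPTED_EXT):
                encrypted.append(os.path.join(dirpath, name))
                continue
            m = NOTE_RE.match(name)
            if m and 1 <= int(m.group(1)) <= 10:
                notes_by_dir.setdefault(dirpath, set()).add(int(m.group(1)))
    # Only a directory holding all ten numbered notes matches the described
    # pattern; a lone README1.txt is common in benign software and is ignored.
    full_sets = sorted(d for d, n in notes_by_dir.items() if len(n) == 10)
    if encrypted and full_sets:
        verdict = "likely"
    elif encrypted or full_sets:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"verdict": verdict, "encrypted": sorted(encrypted), "note_dirs": full_sets}


def build_sample_tree(root):
    """Constructed sample data: a fake user profile with notes and renamed files."""
    desktop = os.path.join(root, "Users", "alice", "Desktop")
    docs = os.path.join(root, "Users", "alice", "Documents")
    os.makedirs(desktop)
    os.makedirs(docs)
    for i in range(1, 11):
        open(os.path.join(desktop, f"README{i}.txt"), "w").close()
    for name in ("report.docx.crypted000007", "PHOTO.JPG.CRYPTED000007", "ok.txt"):
        open(os.path.join(docs, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = scan_for_shade(tmp)
        print(result["verdict"], len(result["encrypted"]), result["note_dirs"])
```

Either artifact alone yields "suspicious" rather than "likely", so a partially cleaned host or a share that holds only encrypted files is still surfaced for review.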
Indicators of Compromise
Malware Hash (MD5/SHA1/SHA256)