Until now, whenever a ransomware attack took place, media outlets around the world reported that it could have been launched by hackers from Russia or by those associated with Russian intelligence.
Known as Shade or Troldesh, the ransomware, developed in the Russian language, is reportedly spreading through spam and is identified as Win32/Filecoder.shade.
Researchers from ESET were the first to report on the malicious spam campaign, which emerged in January 2019. The security experts from the Slovakia-based firm discovered that the campaign actually started in October 2018 and then went dormant during the Christmas season. The developers of the ransomware resumed spreading the malware with more vigor from January 2019, which might be due to their recent purchase of a new set of business-related email addresses available in bulk on the dark web.
Cybersecurity Insiders has learned that the hackers are spreading the Shade or Troldesh malware through emails written in Russian that carry a ZIP archive attachment named “info.zip” or “inf.zip”.
ESET researchers have found that the hackers are demanding $8000 in cryptocurrency to decrypt the locked files of the infected database.
So, all you Russians out there, please be aware of this threat lurking in the cyber landscape and avoid opening any suspicious attachments or URL links in your emails.