Russia hit by a new kind of ransomware


Until now, whenever a ransomware attack took place, media outlets around the world reported that it could have been launched by hackers from Russia or by those associated with Russian intelligence.

But now news is out that online users in Russia are facing a threat from a new ransomware variant that spreads as malicious JavaScript email attachments, i.e. through phishing attacks.

Known as Shade or Troldesh, the ransomware, developed in the Russian language, is reportedly spreading through spam and is identified as Win32/Filecoder.shade.

Researchers from ESET were the first to report on the malicious spam campaign, which emerged in January 2019. Security experts from the Slovakia-based firm discovered that the campaign actually started in Oct’18 and then went dormant during the Christmas season. The developers of the ransomware then began spreading the malware with more vigor from Jan’19, which might be due to their recent purchase of a new set of business-related email addresses available in bulk on the dark web.

ESET telemetry indicates that the campaign spreading the Shade ransomware in Jan’19 was most active in Russia, which accounted for 52% of detections of the malicious JavaScript attachments. Other countries affected by the Shade ransomware campaign include Ukraine, France, Germany, and Japan.

Cybersecurity Insiders has learned that the hackers are spreading the Shade or Troldesh malware in emails written in Russian that carry a ZIP archive attachment named “” or “”.

ESET researchers have found that the hackers are demanding $8000 in cryptocurrency to decrypt the locked files of the infected database.

So, all you Russians out there, please be aware of this threat lurking in the cyber landscape and avoid opening any suspicious attachments or URL links in your emails.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security
