Shade8 Ransomware

Despite being very easy to decrypt, the HiddenTear open-source ransomware project continues to be used by cybercriminals rather frequently. This open-source ransomware builder toolkit allows them to create a fully functional file-locker in a matter of minutes. Such is the case with the Shade8 Ransomware, a file-encryption Trojan that uses a vanilla version of HiddenTear. This means that the author has not applied any important changes to the malware's code, and it uses the same predictable and decryptable file-encryption routine. Thanks to this, victims of the Shade8 Ransomware can rely on the free 'HiddenTear Decryptor' to give assistance with the recovery of their files.

This HiddenTear-Inspired File-Locker is Decryptable for Free

While the availability of a free decryption service is great news, we would still advise you not to underestimate the amount of damage that the Shade8 Ransomware is able to inflict. This file-locker targets a long list of file formats and will make sure to encrypt their contents before revealing its presence. All files that the ransomware locks will have their names changed to include the '.shade8' extension.

Of course, the authors of the Shade8 Ransomware want to make money, and this is why all attacks end with the creation of the ransom message 'READ_THIS.txt' that is placed on the desktop. Another change that the Shade8 Ransomware makes is to download a picture from a popular image-hosting service and then set it as the desktop background. Both the picture and text file tell victims to contact 4shadow@protonmail.com if they want to learn how to recover their files.

Needless to say, contacting the perpetrators of the attack is not necessary since they will not give out anything for free. You should use an anti-malware application to eradicate the ransomware's components, and then research how to use the free HiddenTear decryption utility to undo the damage done to your data.