Shade8 Ransomware - How to remove

Shade8 is a file locker that encrypts user files and adds the “shade8” extension to them. It’s based on the Hidden Tear open-source ransomware and is totally decryptable: it has a built-in backdoor that the creator put there.

Shade8 uses cryptography to lock common file types and, in theory, only the developers of the ransomware would have the key. The victim is then forced to lose their files or pay money to the criminals and hope they send the decryption information.

Luckily, files broken by Shade8 can be decrypted, but that doesn’t change the fact that this is malware that can cost people time and stress. It’s also a sign that the infected computer’s security needs to be improved before other threats can infiltrate.

Shade8 ransomware details:

Shade8 details
  • Encrypted files’ extension — “shade8”
  • VirusTotal link
  • Ransom note — READ_THIS.txt
  • Desktop wallpaper changes
Distribution
  • Infected links
  • Malicious ads
Remove Shade8
  • Back up the encrypted files
  • Remove Shade8 using anti-malware programs (SpyHunter)
Decrypt the files
  • Use the Hidden Tear decrypter

What does Shade8 do?

The most obvious sign of a Shade8 infection is the desktop background being set to a picture of a hooded figure with ominous words saying that only one group can get your files back:

If your data is necessary for you, we are the only ones who can give it back to you
[email protected]
SHADOW

You will also find your files (likely most of them) renamed to have “.shade8” at the end. For example, a file called picture.jpg would be renamed to picture.jpg.shade8.

There are also ransom notes in the folders that were affected by Shade8. They’re called READ_THIS.txt and contain this text:

If you want your data, [email protected]

Shade8 was discovered recently and quickly pinned down as a Hidden Tear project. Other examples of ransomware based on HiddenTear are HiddenBeer, Qinynore, as well as Ahihi, which modified the template a bit. If Shade8 is unmodified Hidden Tear, it should be decryptable.

Still, Shade8 is genuine malware that was distributed the same way as other malware, and some victims might have contacted the extortionists already and maybe even sent money to them. This is always a bad idea because there are no guarantees that the decryption tool will be sent: the criminals can just take the money and do nothing. Shade8 doesn’t say anything about that, but Bitcoin or another cryptocurrency is probably used for the transactions, which makes them irreversible.

How to stay safe against ransomware

In general, ransomware is spread using email attachments that, when opened, download the malware. Criminals can also hack remote desktop connections to plant malware on a computer and make other destructive changes, like disabling your anti-malware program.

Shade8 isn’t exactly like that — this ransomware was uploaded online, on a malicious webpage. It could have been automatically downloaded if you were to visit the infected page. If you clicked on a link to it, or some ad opened the address, that would have also resulted in a Shade8 infection.

Be careful before clicking on links in social media, in your DMs, in your email. They’re spread by accounts that impersonate famous people, by hacked accounts of your friends, by letters that are mysterious and just tell you to open the attachment — the criminals try to manipulate people into opening unfamiliar links and files. The types of sites that have overly aggressive ads are also generally quite dangerous because they tend to promote malware. Careful browsing can help avoid that.

You could use real-time protection against malicious sites which would block known malicious URLs. That doesn’t protect you against the very newest attacks, such as during the time between Shade8 being uploaded and the first victims discovering it.

So, have a backup of your data from which you could always restore your files if you lose them. Remember to update it regularly so that the backup stays up to date.

How to decrypt Shade8 and remove the virus

Here is the link to the generic Hidden Tear decrypter software that was developed by a researcher for the victims’ convenience. It should work and its creator has said that Shade8 is easily decryptable.

However, before that, it’d be helpful to remove the ransomware. Otherwise, it might continue messing with your files, even encrypting them a second time, which might complicate the file recovery process. For this task, you can use any reputable anti-malware tool, such as SpyHunter. Just don’t delete the encrypted files.
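
One way to carry out the "back up the encrypted files" step before running any removal or decryption tool, shown as an added example (not part of the original article or of any tool it mentions). It copies every file ending in “.shade8” to a separate location, verifies each copy by SHA-256, lists the folders holding READ_THIS.txt notes, and never modifies or deletes the originals. The function names, the backup location and the sample tree are assumptions constructed for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

ENCRYPTED_SUFFIX = ".shade8"  # extension named on this page
NOTE_NAME = "READ_THIS.txt"   # ransom note name given on this page


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def backup_encrypted(root: Path, backup_dir: Path) -> dict:
    """Copy *.shade8 files under root to backup_dir and hash-verify each copy."""
    report = {"copied": {}, "failed": {}, "notes": []}
    for path in sorted(root.rglob("*")):
        if backup_dir in path.parents or path.is_symlink() or not path.is_file():
            continue  # skip the backup itself, symlinks and directories
        rel = path.relative_to(root)
        if path.name == NOTE_NAME:
            report["notes"].append(rel.as_posix())  # marks an affected folder
        elif path.name.lower().endswith(ENCRYPTED_SUFFIX):
            dest = backup_dir / rel
            dest.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(path, dest)  # copy2 also keeps timestamps
            src_hash = sha256_of(path)
            bucket = "copied" if sha256_of(dest) == src_hash else "failed"
            report[bucket][rel.as_posix()] = src_hash
    return report


def demo() -> dict:
    """Run against a constructed sample tree (not real victim data)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "Users"
        (root / "Pictures").mkdir(parents=True)
        (root / "Pictures" / "picture.jpg.shade8").write_bytes(b"\x00ciphertext")
        (root / "Pictures" / NOTE_NAME).write_text("constructed note")
        (root / "notes.txt").write_text("untouched file")
        return backup_encrypted(root, Path(tmp) / "backup")


if __name__ == "__main__":
    print(demo())
```

Point backup_dir at an external or otherwise separate drive, and keep the returned hashes so the copies can be checked again after decryption is attempted on the originals.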
