Shade Ransomware emerged in late 2014; it includes malicious spam emails or exploits kits as their primary attack vectors. In a recent campaign, hackers abuses CMS such as WordPress and Joomla Sites to host the Shade Ransomware payload.
According to Palo Alto report, the following are the top countries affected by the ransomware strain that includes the United States, Japan, India, Thailand, and Canada. The top industries affected are High-Tech, Wholesale, and Education.
The ransomware delivered through malicious spam emails focused on Russian and English language Emails. The email poses to be as an invoice or bill.
When comparing with EXE samples since 2016, there are no remarkable changes; it was first reported as Troldesh in late 2014.