Issue: How to Use Shade Ransomware Decryption Tool?
Yesterday I opened an email attachment and installed Shade ransomware, as I understand now. I suspected that this email might be malicious, but curiosity won, and I opened that stupid email… Now I can‘t access data/ All files have .no_more_ransom file extension. I haven‘t paid the ransom, and I‘m not planning to do so, but there are some nice pics and important docs that I would like to restore. No backups. Is it possible?
Shade is a ransomware infection circulating on the Internet for the past two years. Usually, it infects computers via exploit kits, infected email attachments or fake software updates. Once the malicious Shade installer is executed, the virus encrypts all personal files stored on the system and attaches a file extension to each of them. The encrypted files will have different file extensions, including attack .breaking bad, .heisenberg, .windows10, .7h9r, .xtbl, .ytbl, .da_vinci_code, .no_more_ransom and .better_call_saul extensions. Once the data is encrypted, the desktop background of the target computer is replaced by a ransom note and opens up an README.txt file, which contains information about the fact of ransomware attack and the instructions on how to transfer the ransom (via email address and Tor server).
The greatest proliferation of Shade ransomware has been recorded in 2016. Nevertheless, security experts warn that it‘s still active in UK, France, Germany, Italy, Ukraine, Russia, and several other European regions. Thousands of people lost money for the unique decryption key. The others said goodbye for their photos, documents, video files, and other personal information and decided not to support cyber criminals. However, if you have fallen a victim of Shade ransomware virus, you should not even consider paying the ransom to decrypt your files. Although this pest uses an AES 256 encryption algorithm, which means that it‘s not possible to decrypt files without a unique code, security specialists managed to crack the code and released the Shade ransomware decryptor. However, before downloading and running this tool, you will have to remove Shade ransomware and only then decrypt encoded files.
How to Uninstall Shade Ransomware?
How to Recover Files Encrypted by Shade Ransomware?
Security experts are extremely concerned about a pandemic ransomware distribution and, therefore, work hard to help people decrypt their files without paying the ransom. Unfortunately, but only a small part of ransomware viruses were cracked and the free decrypter released. Luckily, Shade virus belongs to the minority, meaning that it has a free decryption tool. Download the free Shade decrypter and then follow these steps:
- Extract the “ShadeDecryptor.zip” file using a file archiver.
- Double-click on the “ShadeDecryptor.exe” file, enter the administrator password in the UAC, and press “Yes” to confirm.
- When the ShadeDecryptor window opens, click ‘Change parameters” and navigate to the “Settings” window.
- Select the drives that you want to scan in the “Objects to scan.”
- Check the “Additional options” box. Otherwise, the encrypted files will be left in the system after the decryption and press “OK.”
- In the next window, click “Start scan” and follow the on-screen instructions.
If you are open for the experiments, you may also try to decrypt files encrypted by Shade ransomware using a System Restore Point or Volume Shadow Copies. If your system has been infected by Shades version 1 or 2, the shadow copies of your personal files should not be damaged. Therefore, you may try these methods as well. For the instructions, please refer to this pos.