During the first half of 2019, Shade Ransomware (also known as Troldesh) was the most prominent malware delivered through malicious email phishing campaigns, according to the Singapore-based Group-IB security team.
Of all the malspam emails identified and tested by the Group-IB Emergency Response Team (CERT-GIB), Shade Ransomware was the main malware strain used by the attackers to infect their target computers in H1 2019.
The three most common tools used in the attacks detected by Group-IB's Computer Emergency Response Team were Troldesh (53%), RTM (17%) and Pony Formgrabber (6%).
Shade Ransomware is a strain that is sold or rented on various crimeware markets, and it is known for using constantly changing command and control (C2) servers on Tor.
Although not necessarily new malware, Shade Ransomware is constantly updated with new features that keep it in demand.
The increase in Shade Ransomware activity was also confirmed by Avast researchers, who said the campaign focused mainly on Mexico and Russia, while potential victims in the United Kingdom and Germany were also heavily targeted.
Researchers at Malwarebytes also found that demand for it would increase in the future, citing a sharp increase in detections from Q4 2018 to Q1 2019.
Finally, in related news, the FBI's Internet Crime Complaint Center (IC3) released a public service announcement on October 2 about the increasing number of ransomware attacks affecting both public and private organizations.