{"id":34729,"date":"2020-05-01T13:28:24","date_gmt":"2020-05-01T13:28:24","guid":{"rendered":"https:\/\/blog.trendmicro.com\/?p=543915"},"modified":"2020-05-01T13:28:24","modified_gmt":"2020-05-01T13:28:24","slug":"this-week-in-security-news-shade-ransomware-shuts-down-releases-decryption-keys-and-webmonitor-rat-bundled-with-zoom-installer","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-shade-ransomware-shuts-down-releases-decryption-keys-and-webmonitor-rat-bundled-with-zoom-installer\/","title":{"rendered":"This Week in Security News: Shade Ransomware Shuts Down, Releases Decryption Keys and WebMonitor RAT Bundled with Zoom Installer"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"300\" src=\"https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/02\/Week-in-Security-News-Logo_RGB-300x300.jpg\" class=\"attachment-medium size-medium wp-post-image\" alt=\"week in security\" srcset=\"https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/02\/Week-in-Security-News-Logo_RGB-300x300.jpg 300w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/02\/Week-in-Security-News-Logo_RGB-768x768.jpg 768w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/02\/Week-in-Security-News-Logo_RGB-1024x1024.jpg 1024w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/02\/Week-in-Security-News-Logo_RGB-640x640.jpg 640w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/02\/Week-in-Security-News-Logo_RGB-900x900.jpg 900w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/02\/Week-in-Security-News-Logo_RGB-440x440.jpg 440w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2018\/02\/Week-in-Security-News-Logo_RGB-380x380.jpg 380w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\"><\/p>\n<p>Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, read about how the operators of the Shade (Troldesh) ransomware have shut down and released more than 750,000 decryption keys. Also, learn about an attack using Zoom installers to spread a WebMonitor RAT malware.<\/p>\n<p>Read on:<\/p>\n<p><a href=\"https:\/\/www.trendmicro.com\/us\/iot-security\/news\/5724\/The_Industry_4_0_lab_never_ignores_brownfields_What_POLIMI_and_Trend_Micro_aim_to_prove\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>The Industry 4.0 Lab Never Ignores Brownfields \u2013 What POLIMI and Trend Micro Aim to Prove<\/strong><\/a><\/p>\n<p><em>It takes time for new technologies to penetrate the market and even the most innovative technology must be used safely and with confidence. Industry 4.0 technology is no exception. Engineers and researchers, including those at Politecnico di Milano (POLIMI) and Trend Micro, are currently investigating how to map ICT technology principles onto OT environments, including factory environments.<\/em><\/p>\n<p><a href=\"https:\/\/www.zdnet.com\/article\/shade-troldesh-ransomware-shuts-down-and-releases-all-decryption-keys\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Shade (Troldesh) Ransomware Shuts Down and Releases Decryption Keys<\/strong><\/a><\/p>\n<p><em>The operators of the Shade (Troldesh) ransomware have shut down and, as a sign of goodwill, have released more than 750,000 decryption keys<\/em> <em>that past victims can now use to recover their files. Security researchers from Kaspersky Lab have confirmed the validity of the leaked keys and are now working on creating a free decryption tool.<\/em><\/p>\n<p><a href=\"https:\/\/blog.trendmicro.com\/top-ten-mitre\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Trend Micro\u2019s Top Ten MITRE Evaluation Considerations<\/strong><\/a><\/p>\n<p><em>The MITRE ATT&amp;CK framework, and the evaluations, have gone a long way in helping advance the security industry, and the individual security products serving the market.<\/em> <em>The insight garnered from these evaluations is incredibly useful but can be hard to understand. In this blog, read Trend Micro\u2019s top 10 key takeaways for its evaluation results.<\/em> <strong>&nbsp;<\/strong><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2020\/04\/android-banking-keylogger.html\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>New Android Malware Steals Banking Passwords, Private Data and Keystrokes<\/strong><\/a><\/p>\n<p><em>A new type of mobile banking malware has been discovered abusing Android\u2019s accessibility features to exfiltrate sensitive data from financial applications, read user SMS messages, and hijack SMS-based two-factor authentication codes. Dubbed \u201cEventBot\u201d by Cybereason researchers, the malware can target over 200 different financial apps, including banking, money transfer services, and crypto-currency wallets.<\/em><em>&nbsp;<\/em><\/p>\n<p><a href=\"https:\/\/blog.trendmicro.com\/principles-of-a-cloud-migration-security-the-w5h-episode-what\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Principles of a Cloud Migration \u2013 Security, The W5H \u2013 Episode WHAT?<\/strong><\/a><\/p>\n<p><em>Last week in Trend Micro\u2019s cloud migration blog series, we explained the \u201cWHO\u201d of securing a cloud migration, detailing each of the roles involved with implementing a successful security practice during the migration. This week, Trend Micro touches on the \u201cWHAT\u201d of security: the key principles required before your first workload moves.&nbsp;<\/em><strong><em>&nbsp;<\/em><\/strong><\/p>\n<p><a href=\"https:\/\/threatpost.com\/critical-wordpress-e-learning-plugin-bugs-cheating\/155290\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Critical WordPress e-Learning Plugin Bugs Open Door to Cheating<\/strong><\/a><\/p>\n<p><em>Researchers have disclosed critical-severity flaws in three popular WordPress plugins used widely by colleges and universities: LearnPress, LearnDash and LifterLMS. The flaws, now patched, could allow students to steal personal information, change their grades, cheat on tests and more.<\/em><strong><em>&nbsp;<\/em><\/strong><\/p>\n<p><a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/webmonitor-rat-bundled-with-zoom-installer\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>WebMonitor RAT Bundled with Zoom Installer<\/strong><\/a><\/p>\n<p><em>The COVID-19 pandemic has highlighted the usefulness of communication apps for work-from-home setups. However, as expected, cybercriminals look to exploit popular trends and user behavior. Trend Micro has witnessed threats against several messaging apps, including Zoom. In April, Trend Micro spotted an attack using Zoom installers to spread a cryptocurrency miner. Trend Micro recently encountered a similar attack that drops a different malware: RevCode WebMonitor RAT.<\/em><em>&nbsp;<\/em><\/p>\n<p><a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cybercrime-and-digital-threats\/group-behind-trickbot-spreads-fileless-bazarbackdoor\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Group Behind TrickBot Spreads Fileless BazarBackdoor<\/strong><\/a><\/p>\n<p><em>A new campaign is spreading a new malware named \u201cBazarBackdoor,\u201d a fileless backdoor created by the same threat actors behind TrickBot, according to BleepingComputer. The conclusion is drawn due to similarities in code, crypters, and infrastructure between the two malware variants. The social engineering attacks used to spread the backdoor use topics such as customer complaints, COVID-19-themed payroll reports, and employee termination lists for the emails they send out.<\/em><strong><em>&nbsp;<\/em><\/strong><\/p>\n<p><a href=\"https:\/\/threatpost.com\/critical-adobe-illustrator-bridge-and-magento-flaws-patched\/155255\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Critical Adobe Illustrator, Bridge and Magento Flaws Patched<\/strong><\/a><\/p>\n<p><em>Adobe is warning of critical flaws in Adobe Bridge, Adobe Illustrator and the&nbsp;Magento e-commerce platform. If exploited, the most severe vulnerabilities could enable remote code execution on affected systems.<\/em> <em>Francis Provencher, Mat Powell, and an anonymous reporter were credited for discovering the flaws, all working with Trend Micro\u2019s Zero Day Initiative.<\/em><\/p>\n<p><a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/virtualization-and-cloud\/guidance-on-kubernetes-threat-modeling\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Guidance on Kubernetes Threat Modeling<\/strong><\/a><\/p>\n<p><em>Kubernetes&nbsp;is one of the most used container orchestration systems in cloud environments. As such, like any widely used application, it is an attractive target for cybercriminals and other threat actors. In this blog, Trend Micro shares three general areas that cloud administrators need to secure their deployments against, as they can introduce threats or risks to their Kubernetes-driven containerization strategies.<\/em><\/p>\n<p><a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cybercrime-and-digital-threats\/loki-info-stealer-propagates-through-lzh-files\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Loki Info Stealer Propagates Through LZH Files<\/strong><\/a><\/p>\n<p><em>Trend Micro<\/em> <em>previously<\/em> <em>encountered a spam sample that propagates the info stealer Loki through Windows Cabinet (CAB) files. Recently, Trend Micro also acquired another sample that delivers the same malware, but through LZH compressed archive files. Trend Micro detects the attachment and the dropper as TrojanSpy.Win32.LOKI.TIOIBYTU.<\/em><\/p>\n<p><a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cybercrime-and-digital-threats\/security-101-how-fileless-attacks-work-and-persist-in-systems\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Security 101: How Fileless Attacks Work and Persist in Systems<\/strong><\/a><\/p>\n<p><em>As security measures improve, modern adversaries continue to craft sophisticated techniques to evade detection. One of the most persistent evasion techniques involves fileless attacks, which don\u2019t require malicious software to break into a system. Instead of relying on executables, these threats misuse tools that are already in the system to initiate attacks.<\/em><\/p>\n<p><a href=\"https:\/\/www.securityweek.com\/covid-19-lockdown-fuels-increase-rdp-attacks\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>COVID-19 Lockdown Fuels Increase in RDP Attacks<\/strong><\/a><\/p>\n<p><em>The number of attacks abusing the remote desktop protocol (RDP) to compromise corporate environments has increased significantly over the past couple of months, according to Kaspersky. With employees worldwide forced to work from home due to the COVID-19 pandemic, the volume of corporate traffic has increased significantly, just as the use of third-party services has increased to keep teams connected and efficient.<\/em><\/p>\n<p>What measures are you taking to secure your migration to the cloud? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: <a href=\"https:\/\/twitter.com\/jonlclay\">@JonLClay.<\/a><\/p>\n<p> Read More <a href=\"https:\/\/blog.trendmicro.com\/this-week-in-security-news-shade-ransomware-shuts-down-releases-decryption-keys-and-webmonitor-rat-bundled-with-zoom-installer\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, read about how the operators of the Shade (Troldesh) ransomware have shut down and released more than 750,000 decryption keys. Also, learn about an attack using Zoom&#8230;<br \/>\nThe post This Week in Security News: Shade Ransomware Shuts Down, Releases Decryption Keys and WebMonitor RAT Bundled with Zoom Installer appeared first on . Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":34730,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[311,307,8301],"class_list":["post-34729","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-current-news","tag-security","tag-this-week-in-security-news"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>This Week in Security News: Shade Ransomware Shuts Down, Releases Decryption Keys and WebMonitor RAT Bundled with Zoom Installer 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-shade-ransomware-shuts-down-releases-decryption-keys-and-webmonitor-rat-bundled-with-zoom-installer\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"This Week in Security News: Shade Ransomware Shuts Down, Releases Decryption Keys and WebMonitor RAT Bundled with Zoom Installer 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-shade-ransomware-shuts-down-releases-decryption-keys-and-webmonitor-rat-bundled-with-zoom-installer\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-05-01T13:28:24+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/05\/this-week-in-security-news-shade-ransomware-shuts-down-releases-decryption-keys-and-webmonitor-rat-bundled-with-zoom-installer.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"300\" \/>\n\t<meta property=\"og:image:height\" content=\"300\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-shade-ransomware-shuts-down-releases-decryption-keys-and-webmonitor-rat-bundled-with-zoom-installer\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-shade-ransomware-shuts-down-releases-decryption-keys-and-webmonitor-rat-bundled-with-zoom-installer\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"This Week in Security News: Shade Ransomware Shuts Down, Releases Decryption Keys and WebMonitor RAT Bundled with Zoom Installer\",\"datePublished\":\"2020-05-01T13:28:24+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-shade-ransomware-shuts-down-releases-decryption-keys-and-webmonitor-rat-bundled-with-zoom-installer\\\/\"},\"wordCount\":959,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-shade-ransomware-shuts-down-releases-decryption-keys-and-webmonitor-rat-bundled-with-zoom-installer\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/05\\\/this-week-in-security-news-shade-ransomware-shuts-down-releases-decryption-keys-and-webmonitor-rat-bundled-with-zoom-installer.jpg\",\"keywords\":[\"Current News\",\"Security\",\"This week in security news\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-shade-ransomware-shuts-down-releases-decryption-keys-and-webmonitor-rat-bundled-with-zoom-installer\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-shade-ransomware-shuts-down-releases-decryption-keys-and-webmonitor-rat-bundled-with-zoom-installer\\\/\",\"name\":\"This Week in Security News: Shade Ransomware Shuts Down, Releases Decryption Keys and WebMonitor RAT Bundled with Zoom Installer 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-shade-ransomware-shuts-down-releases-decryption-keys-and-webmonitor-rat-bundled-with-zoom-installer\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-shade-ransomware-shuts-down-releases-decryption-keys-and-webmonitor-rat-bundled-with-zoom-installer\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/05\\\/this-week-in-security-news-shade-ransomware-shuts-down-releases-decryption-keys-and-webmonitor-rat-bundled-with-zoom-installer.jpg\",\"datePublished\":\"2020-05-01T13:28:24+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-shade-ransomware-shuts-down-releases-decryption-keys-and-webmonitor-rat-bundled-with-zoom-installer\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-shade-ransomware-shuts-down-releases-decryption-keys-and-webmonitor-rat-bundled-with-zoom-installer\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-shade-ransomware-shuts-down-releases-decryption-keys-and-webmonitor-rat-bundled-with-zoom-installer\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/05\\\/this-week-in-security-news-shade-ransomware-shuts-down-releases-decryption-keys-and-webmonitor-rat-bundled-with-zoom-installer.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/05\\\/this-week-in-security-news-shade-ransomware-shuts-down-releases-decryption-keys-and-webmonitor-rat-bundled-with-zoom-installer.jpg\",\"width\":300,\"height\":300},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/this-week-in-security-news-shade-ransomware-shuts-down-releases-decryption-keys-and-webmonitor-rat-bundled-with-zoom-installer\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Current News\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/current-news\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"This Week in Security News: Shade Ransomware Shuts Down, Releases Decryption Keys and WebMonitor RAT Bundled with Zoom Installer\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"This Week in Security News: Shade Ransomware Shuts Down, Releases Decryption Keys and WebMonitor RAT Bundled with Zoom Installer 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-shade-ransomware-shuts-down-releases-decryption-keys-and-webmonitor-rat-bundled-with-zoom-installer\/","og_locale":"en_US","og_type":"article","og_title":"This Week in Security News: Shade Ransomware Shuts Down, Releases Decryption Keys and WebMonitor RAT Bundled with Zoom Installer 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-shade-ransomware-shuts-down-releases-decryption-keys-and-webmonitor-rat-bundled-with-zoom-installer\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2020-05-01T13:28:24+00:00","og_image":[{"width":300,"height":300,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/05\/this-week-in-security-news-shade-ransomware-shuts-down-releases-decryption-keys-and-webmonitor-rat-bundled-with-zoom-installer.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-shade-ransomware-shuts-down-releases-decryption-keys-and-webmonitor-rat-bundled-with-zoom-installer\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-shade-ransomware-shuts-down-releases-decryption-keys-and-webmonitor-rat-bundled-with-zoom-installer\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"This Week in Security News: Shade Ransomware Shuts Down, Releases Decryption Keys and WebMonitor RAT Bundled with Zoom Installer","datePublished":"2020-05-01T13:28:24+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-shade-ransomware-shuts-down-releases-decryption-keys-and-webmonitor-rat-bundled-with-zoom-installer\/"},"wordCount":959,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-shade-ransomware-shuts-down-releases-decryption-keys-and-webmonitor-rat-bundled-with-zoom-installer\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/05\/this-week-in-security-news-shade-ransomware-shuts-down-releases-decryption-keys-and-webmonitor-rat-bundled-with-zoom-installer.jpg","keywords":["Current News","Security","This week in security news"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-shade-ransomware-shuts-down-releases-decryption-keys-and-webmonitor-rat-bundled-with-zoom-installer\/","url":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-shade-ransomware-shuts-down-releases-decryption-keys-and-webmonitor-rat-bundled-with-zoom-installer\/","name":"This Week in Security News: Shade Ransomware Shuts Down, Releases Decryption Keys and WebMonitor RAT Bundled with Zoom Installer 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-shade-ransomware-shuts-down-releases-decryption-keys-and-webmonitor-rat-bundled-with-zoom-installer\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-shade-ransomware-shuts-down-releases-decryption-keys-and-webmonitor-rat-bundled-with-zoom-installer\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/05\/this-week-in-security-news-shade-ransomware-shuts-down-releases-decryption-keys-and-webmonitor-rat-bundled-with-zoom-installer.jpg","datePublished":"2020-05-01T13:28:24+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-shade-ransomware-shuts-down-releases-decryption-keys-and-webmonitor-rat-bundled-with-zoom-installer\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-shade-ransomware-shuts-down-releases-decryption-keys-and-webmonitor-rat-bundled-with-zoom-installer\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-shade-ransomware-shuts-down-releases-decryption-keys-and-webmonitor-rat-bundled-with-zoom-installer\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/05\/this-week-in-security-news-shade-ransomware-shuts-down-releases-decryption-keys-and-webmonitor-rat-bundled-with-zoom-installer.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/05\/this-week-in-security-news-shade-ransomware-shuts-down-releases-decryption-keys-and-webmonitor-rat-bundled-with-zoom-installer.jpg","width":300,"height":300},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/this-week-in-security-news-shade-ransomware-shuts-down-releases-decryption-keys-and-webmonitor-rat-bundled-with-zoom-installer\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Current News","item":"https:\/\/www.threatshub.org\/blog\/tag\/current-news\/"},{"@type":"ListItem","position":3,"name":"This Week in Security News: Shade Ransomware Shuts Down, Releases Decryption Keys and WebMonitor RAT Bundled with Zoom Installer"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/34729","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=34729"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/34729\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/34730"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=34729"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=34729"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=34729"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}