Fix Troldesh Ransomware with Avast Decryption Tool: A Quick Walkthrough

Avast Decryption Tool for Troldesh — How to Recover Files Safely

What it is

  • A free Windows tool from Avast that targets Troldesh (aka Shade / Encoder.858) ransomware.
  • Uses the published Troldesh decryption keys (the ransomware's authors released them in 2020) to decrypt affected files.

When it can help

  • Your files show Troldesh indicators (extensions like xtbl, ytbl, breaking_bad, heisenberg, better_call_saul, los_pollos, da_vinci_code, etc., and README*.txt ransom notes).
  • The infection is Troldesh/Shade (not a different ransomware family).

Before you start (critical)

  1. Isolate the device: disconnect from networks and unplug external drives to prevent spread.
  2. Do not delete encrypted files — keep originals intact.
  3. Create backups: copy encrypted files to an external drive (do not connect backups to the infected machine afterward).
  4. Take an image/backup of the system if possible (forensics/recovery fallback).
  5. Scan and remove malware with updated antivirus before decrypting; otherwise reinfection may re-encrypt files.
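
An added example, not part of Avast's tool or the original walkthrough: a read-only Python script that inventories files carrying the Troldesh extensions named above, records a SHA-256 for each, and checks that the offline backup copy matches before any decryption is attempted. The function names are hypothetical, and the extension set contains only the extensions listed on this page, which is not the complete list.

```python
import hashlib
from pathlib import Path

# Extensions named on this page; the page's list ends in "etc.", so it is incomplete.
TROLDESH_EXTS = {".xtbl", ".ytbl", ".breaking_bad", ".heisenberg",
                 ".better_call_saul", ".los_pollos", ".da_vinci_code"}

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large encrypted files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def inventory(root):
    """Return ({relative path: sha256} for encrypted files, [ransom note paths])."""
    root = Path(root)
    encrypted, notes = {}, []
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        if p.suffix.lower() in TROLDESH_EXTS:
            encrypted[rel] = sha256_file(p)          # files are opened read-only
        elif p.name.upper().startswith("README") and p.suffix.lower() == ".txt":
            notes.append(rel)                        # README*.txt ransom notes
    return encrypted, notes

def verify_backup(manifest, backup_root):
    """Return relative paths that are missing or differ in the backup copy."""
    backup_root = Path(backup_root)
    bad = []
    for rel, digest in manifest.items():
        copy = backup_root / rel
        if not copy.is_file() or sha256_file(copy) != digest:
            bad.append(rel)
    return bad

if __name__ == "__main__":
    import sys
    # Usage: script.py <folder with encrypted files> [<backup folder>]
    manifest, notes = inventory(sys.argv[1])
    print(f"{len(manifest)} encrypted files, {len(notes)} ransom notes")
    if len(sys.argv) > 2:
        for rel in verify_backup(manifest, sys.argv[2]):
            print("MISSING OR CHANGED IN BACKUP:", rel)
```

The manifest also gives you the sample filenames and extensions to hand to an incident responder if some files later fail to decrypt.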

Step-by-step recovery (prescriptive)

  1. Download the decryptor from Avast’s official Ransomware Decryption Tools page.
  2. Verify the file is the Troldesh-specific decryptor (Avast tool labeled for Troldesh / Shade).
  3. Run the decryptor as an administrator.
  4. When prompted, add the folders/drives to scan (you can include external backups if they were kept offline).
  5. Choose to back up encrypted files when the tool offers that option (recommended).
  6. Start the scan/decryption and wait — do not interrupt the process.
  7. Verify a selection of decrypted files open correctly.
  8. If decryption fails for some files, keep backups and note sample filenames/extensions; consider contacting a professional incident responder.

Limitations & cautions

  • Works only for Troldesh variants that match the released keys; some variants or mixed infections may not be decryptable.
  • Always remove the ransomware itself first; decrypting while it is still active may not be effective.
  • Decryption may not restore metadata (timestamps) or all file types perfectly.
  • Do not pay ransom — Troldesh keys are publicly available and paying is unnecessary.

If decryption doesn’t work

  • Preserve encrypted files and system images.
  • Use reputable incident response or data-recovery services.
  • Check Emsisoft, No More Ransom, and Avast pages periodically for updated tools.

Quick links (where to start)

  • Avast Ransomware Decryption Tools page (download Troldesh decryptor)
  • No More Ransom / Emsisoft (alternate decryptor listings and support)
