RADAR Ransomware
Protecting your devices from malware threats is crucial in today's digital age. One particularly harmful type of malware, ransomware, poses significant risks by encrypting files and demanding payment for their decryption. Understanding and safeguarding against such threats is essential for both individuals and organizations.
The RADAR Ransomware: An Overview
Researchers have identified a new ransomware threat named RADAR. This malware is designed to encrypt files on infected devices and then demand a ransom for their decryption. RADAR encrypts files and appends a random character string to each filename, transforming, for instance, '1.png' into '1.png.W8M8ePNp'.
Post-Execution Behavior
Once the ransomware is executed on a compromised device, it goes through a series of harmful actions:
- File Encryption: RADAR encrypts the victim's files, changing their filenames by appending a random string of characters.
- Desktop Alteration: The ransomware modifies the desktop wallpaper to signal the infection.
- Ransom Note Creation: A ransom note titled 'README_FOR_DECRYPT.txt' is generated, informing the victim of the encryption and data theft.
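The two on-disk indicators described above (the 'README_FOR_DECRYPT.txt' note and the appended random string, e.g. '1.png.W8M8ePNp') are enough for a first triage of a share or backup target. The script below is an added example written for this article, not code from the researchers or the malware; it assumes the appended string is always 8 alphanumeric characters, which is inferred from the single sample the article gives, and it builds its own constructed sample directory.

```python
import os
import re
import tempfile
from pathlib import Path
from typing import Optional

# Indicators taken from the article: the ransom note file name and the
# "<name>.<ext>.<random string>" renaming pattern ('1.png' -> '1.png.W8M8ePNp').
RANSOM_NOTE_NAME = "README_FOR_DECRYPT.txt"
# Assumption: the appended string is 8 alphanumeric characters, as in the one
# sample the article shows. This is a heuristic for triage, not a signature.
RENAMED_FILE_RE = re.compile(r"^(?P<original>.+\.[A-Za-z0-9]{1,5})\.(?P<tag>[A-Za-z0-9]{8})$")


def classify(name: str) -> Optional[str]:
    """Return 'note', 'encrypted' or None for a single file name."""
    if name == RANSOM_NOTE_NAME:
        return "note"
    m = RENAMED_FILE_RE.match(name)
    # Random tags mix letters and digits; requiring a digit cuts false positives
    # such as a file that legitimately ends in an eight-letter word.
    if m and any(c.isdigit() for c in m["tag"]):
        return "encrypted"
    return None


def scan_tree(root: str) -> dict:
    """Walk a directory tree and collect ransom notes and suspected encrypted files."""
    hits = {"notes": [], "encrypted": [], "tags": set()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            kind = classify(name)
            if kind == "note":
                hits["notes"].append(os.path.join(dirpath, name))
            elif kind == "encrypted":
                hits["encrypted"].append(os.path.join(dirpath, name))
                hits["tags"].add(RENAMED_FILE_RE.match(name)["tag"])
    return hits


def build_sample_tree() -> str:
    """Constructed sample directory imitating a post-infection share (not real data)."""
    root = tempfile.mkdtemp(prefix="radar_sample_")
    docs = Path(root, "docs")
    docs.mkdir()
    for fname in ("1.png.W8M8ePNp", "budget.xlsx.W8M8ePNp", "notes.txt", "archive.tar.gz", RANSOM_NOTE_NAME):
        Path(docs, fname).write_text("constructed sample content")
    Path(root, RANSOM_NOTE_NAME).write_text("constructed sample content")
    return root
```

Calling `scan_tree(build_sample_tree())` reports two notes, two suspect files and the single tag `W8M8ePNp`; a real run points `scan_tree` at the share or backup root and a tag set larger than one usually means more than one infection or tool version.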
Ransom Note Details
The ransom note is explicit in its demands and threats. It begins by informing the victim that their files have been encrypted and then warns that the collected data will be leaked if the ransom is not paid. To underscore the seriousness of their claim, the note includes details about the cybercriminals' previous attacks and data leaks. Victims are allowed to test decryption on 5-10 files before paying the ransom. Additionally, the note cautions victims against renaming, modifying, or deleting the locked files, as such actions could make decryption impossible. It further threatens that contacting authorities will result in the automatic release of the exfiltrated data. Lastly, the note advises against seeking help from third-party recovery companies, asserting that this will increase financial loss.
Challenges in Decryption
Researchers emphasize the difficulty of decrypting files without the cybercriminals' assistance. Most ransomware, including RADAR, is designed to be highly resistant to decryption attempts unless the attacker provides the necessary keys. Even paying the ransom is risky, because the attackers rarely honor their promise to send the decryption tools.
To prevent further data encryption, it is crucial to remove the RADAR Ransomware from the operating system. However, removal does not restore already encrypted files.
Security Measures to Protect against Ransomware
To protect your devices from ransomware like RADAR, implementing the following security measures is essential:
- Regular Backups: Regularly back up all important data to an external drive or cloud service to ensure you can restore files without paying a ransom.
- Update Software: Keep the operating system and applications updated with the latest security patches.
- Anti-malware Tools: Use reputable anti-malware programs to detect and block ransomware before it can cause harm.
- Email Vigilance: Be cautious with email attachments and links, especially from unknown senders, as these are common vectors for ransomware distribution.
- Network Security: Implement strong network security measures, including firewalls, to prevent unauthorized access.
- User Education: Educate employees and users about the risks of ransomware and other types of malware, and the importance of safe online practices.
- Access Controls: Regulate user access to critical systems and data to minimize the potential impact of a ransomware attack.
By taking these precautions, users can significantly lessen the chances of ransomware infections and protect their valuable data from cybercriminals.
The full text of the ransom note left to the victims of RADAR Ransomware is:
'RADAR
Your network has been breached and all major data were encrypted.
Important files have been downloaded from your servers and are ready to be published on TOR blogs. To decrypt all the data and prevent exfiltrated files to be disclosed on TOR blogs, dataleak forums, dataleak databases, telegram channels etc with lot of tags/videos on twitter/facebook you should purchase our decryption tool. We will provide you a proof video how our Decryption Tool works.
Please contact our sales department at Skype: [redacted]
We appreciate and respect everyone, that's why in Skype you will get a proof, we will record a video of 5-10 files of your choice. Follow the guidelines below to avoid losing your data:
Do not modify, rename or delete encrypted files. In result your data will be undecryptable.
Do not modify or rename encrypted files. You will lose them.
Do not report to the Police, FBI, etc. They don't care about your business. They simply won't allow you to pay. As a result you will lose everything and your data, recorded data on videos etc will be published.
Do not hire a recovery company. They can't decrypt files without our Decryption Tool. They also don't care about your business. They believe that they are good negotiators, but it is not. They usually fail. You should contact with us yourself and we'll guarantee you successful decryption without any loss + exfiltrated data erasing from our servers.
Do not reject to purchase RADAR Decryptor from us, otherwise exfiltrated files will be publicly disclosed with video of files.
P.S. Do not repeat the same mistakes as other companies did with us, for example our old case with a small Spain Company: [redacted] Their Website - [redacted]
Our media team published files and videos, because they didn't pay as in time. Small part of proofs:
[redacted]
[redacted]
[redacted]
[redacted]
Lot of telegram channels like [redacted] , [redacted] , all darkweb resources list from here - [redacted]
We have a direct contact with a list of ransomware owners in jabber and tox, you can see all the companies that refused to cooperate with us, TOR/onion URLs:
hxxp://xb6q2aggycmlcrjtbj[redacted]sqb4nx6cmod3emy7sad.onion
hxxp://mbrlkbtq5jonaqkurj[redacted]4rgjbkkknndqwae6byd.onion
hxxp://bianlianlbc5an4kgn[redacted]gczopmm3dnbz3uaunad.onion/
hxxp://alphvmmm27o3abo3r2[redacted]5xsj7j7ejksbpsa36ad.onion
hxxp://knight3xppu263m7g4[redacted]h7vjdc3zrscqlfu3pqd.onion/
For [redacted] we hired 3rd party team of data analysts with OSINT-specialists. Because of adding such 3rd parties, the price for Decryption Tool and exfiltrated data erasing has been increased. In result they suffered significant problems due disastrous consequences, leading to loss of valuable intellectual property and other sensitive information, GDPR issues, costly incident response efforts, information misuse/abuse, loss of customer trust, brand and reputational damage, legal and regulatory issues. And it will never end for them, as their files are constantly downloaded and videos are viewed by people from all over the World.
That's why we don't recommend to ignore us. Let's respect each others time.
With best Regards, RADAR'