Threat Database Ransomware Radiation Ransomware

Radiation Ransomware

By GoldSparrow in Ransomware

The Radiation Ransomware is an encryption ransomware Trojan. PC security analysts have observed an early version of the Radiation Ransomware infection, which is still unfinished. This version of the Radiation Ransomware was observed submitted to an online anti-virus engine. This often happens since the con artists will often submit early versions of a threat that is under development to confirm whether it is capable of evading detection by anti-virus engines. While many ransomware Trojans are designed to leave as few traces as possible on the victim's computer, even going as far as to delete themselves, the Radiation Ransomware has caught attention because it leaves numerous files on the infected computer.

Radiation or Hell, this Ransomware will Make Your Files Unusable

The Radiation Ransomware also may be known by the alias 'Hell Ransomware' because the Radiation Ransomware will use a ransom note that features a background of fiery flames, changing the victim's Desktop to display the same ransom note and image. The text in these ransom notes reads as follows:

'Ugh.. oh!
Your Files Are Encrypted!
To retrieve your files
Please Refer to decrypt.exe and decrypt.txt
These files can be found on your desktop
#Hell Ransomware Made by KingCobra'

As mentioned above, the Radiation Ransomware will drop several files on the infected computers as part of its attack. The Radiation Ransomware variants have been observed to drop the following files on targeted computers:

  • %TEMP%\ChaseBot.exe
  • %TEMP%\NativeRansomware.exe.bin.exe
  • %TEMP%\RADIATION.bin
  • %TEMP%\decrypter.exe
  • %TEMP%\memes.jp
  • %USERPROFILE%\Desktop\RADIATION.txt
  • %USERPROFILE%\Desktop\decrypt.txt
  • %USERPROFILE%\Documents\Visual Studio 2013\Projects\Decrypter\Decrypter\obj\Debug\Decrypter.pdb
  • %USERPROFILE%\private.me
  • %USERPROFILE%\public.me

The Radiation Ransomware Takes the Victims’ Files Hostage to Demand a Ransom

The main purpose of the Radiation Ransomware is to profit at the expense of the victim, taking the victim's files hostage to demand the payment of a ransom from the victim. Once the Radiation Ransomware encrypts files, they will no longer be readable, and the victim's applications will fail to load any of the affected files. Unfortunately, once a file has been encrypted by the Radiation Ransomware attack, it will be unrecoverable. The Radiation Ransomware's creators will threaten the victim by demanding that a ransom of $300 USD, paid in Bitcoins, be transferred to the con artists' Bitcoin wallet. Con artists will claim that a decryption tool, a file named 'decrypter.exe,' will be able to recover the affected files. The Radiation Ransomware decryptor file will display the following message in a program window with the name 'the Radiation Ransomware' on the infected computer:

'Note your files are encrypted with AES + RSA encryption This is not normal. In order to get your files back send 310$ to the bitcoin address below There is no other way to decrypt your files. Any attempt to remove the ransomware may result in deletion of files and loss of data! Only Bitcoin is accepted For more info on how to buy bitcoin click the button below
Bitcoin Address [35 RANDOM CHARACTERS]
[How to Buy Bitcoin]
[Check Payment] [Decrypt]'

Malware researchers have observed the Radiation Ransomware in other previous ransomware Trojans active earlier in 2017. However, it does not seem that the Radiation Ransomware is connected to them directly, but their code was simply reused in the Radiation Ransomware attack.

Protecting Your Data from Attacks Like the Radiation Ransomware

The best barrier against ransomware Trojans like the Radiation Ransomware is to have file backups installed on your computer. If PC users can recover their files from a backup copy, then the people responsible for the Radiation Ransomware attack lose any leverage they have over the victim, enabling them to demand a ransom payment. Apart from file backups, PC security analysts advise computer users to use a reliable security program to protect their data. A combination of a reliable security program with file backups will be enough to protect the computer users' data from most ransomware Trojans, including the Radiation Ransomware.

SpyHunter Detects & Remove Radiation Ransomware

File System Details

Radiation Ransomware may create the following file(s):
# File Name MD5 Detections
1. file.exe e7e2366f75f01f4639b57b77b1504d83 0

Related Posts

Trending

Most Viewed

Loading...