
Radiation Ransomware

Posted: July 3, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 15
First Seen: July 3, 2017
OS(es) Affected: Windows


The Radiation Ransomware is a Trojan that locks your files and creates messages asking for ransoms to unlock them. Although this threat is incomplete, malware experts find that its encryption method is currently buggy and will permanently damage your files beyond any possibility of decryption-based restoration. Use backups to save any media as necessary, and remove the Radiation Ransomware or, preferably, block it with an anti-malware solution.

Red is the New Color of Dead Files

Although kidnapping and extortion rely on an implicit promise that the hostage will be returned, con artists aren't necessarily likely to honor their agreements. Even Trojan campaigns that communicate openly with the users they attack may lie, whether intentionally, accidentally or by omission. The Radiation Ransomware, one of the Trojans that malware experts are analyzing in the middle of its development, demonstrates how 'in good faith' negotiating can go wrong.

Internally, different components of the Radiation Ransomware refer to the program by the name of Radiation, Hell or Native Ransomware. When the user launches it, the Radiation Ransomware begins scanning for media that it can encrypt, such as JPG pictures or Word DOCs. Although it appears to be making an earnest attempt at encrypting the victim's content, either a bug or a deliberate lack of care on the part of its programmer causes the feature to mishandle its internal marker. This error makes the file permanently illegible, in contrast to a properly enciphered one that the victim could restore by decrypting it.

The Radiation Ransomware also creates several messages asking for money in return for a decryption service from its author (valueless, as per the above paragraph). These instructions include a desktop wallpaper, a Notepad text file, and a bright red HTML pop-up. Since paying can't restore any content locked by current versions of the Radiation Ransomware, fulfilling the extortion conditions has no advantages for the victim. Malware experts also recommend against paying Bitcoins or other non-refundable cryptocurrencies to extortionists, particularly in situations where the extortionists suffer no penalties for breaking their word.

Keeping the Heat from Getting to Your PC

The Radiation Ransomware's author may not mean for its attack to be truly irreversible, but whether the issue arises from intent or oversight, the victim's files are just as corrupted. Password-protecting your network backups and keeping your peripheral storage devices detached from your primary PC can limit the access that Trojans like the Radiation Ransomware have to your media. Some families of Trojans with similar payloads and symptoms are also compatible with public decryption programs, although malware experts never recommend relying on them alone for preserving your data.

The Radiation Ransomware has yet to finish its development cycle, and its threat actors could use different means of circulating and installing it. Trends for installing Trojans with file-encoding attacks include using RDP features, brute-force hacking the victim's login data, spamming forged e-mail attachments, and using exploit kits that victims may encounter while surfing the Web. The majority, if not all, of these attacks are resolvable by having anti-malware products monitor your PC and remove the Radiation Ransomware automatically, or block the exploits that could install it.

There's not much incentive for the Radiation Ransomware's author to make significant improvements to the Trojan, as it stands. Since Bitcoin ransoms aren't refundable without the other party's consent, the Radiation Ransomware could be the start of a Trojan campaign that gets money for giving you nothing more than an infection.

Technical Details

File System Modifications


The following files were created in the system:



File name: file.exe
Size: 311.29 KB (311296 bytes)
MD5: e7e2366f75f01f4639b57b77b1504d83
Detection count: 54
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: July 3, 2017