Radiation Ransomware
Posted: July 3, 2017
Threat Metric
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 15 |
| First Seen: | July 3, 2017 |
| OS(es) Affected: | Windows |
The Radiation Ransomware is a Trojan that locks your files and creates messages asking for ransoms to unlock them. Although this threat is incomplete, malware experts find that its encryption method is currently buggy and will permanently damage your files beyond any possibility of decryption-based restoration. Use backups for saving any media as necessary after removing the Radiation Ransomware or, preferably, block it with an anti-malware solution.
Red is the New Color of Dead Files
Although kidnapping and extortion are actions requiring implicit promises of the return of the hostage, con artists won't necessarily honor the words of their agreements. Even Trojan campaigns that communicate openly with the users they attack are at risk of lying, whether intentionally, accidentally or by omission. The Radiation Ransomware, one of the Trojans malware experts are analyzing in the middle of its development, demonstrates how 'in good faith' negotiating can go wrong.
Internally, different components of the Radiation Ransomware refer to the program by the name of Radiation, Hell or Native Ransomware. When the user launches it, the Radiation Ransomware begins scanning for media that it can encrypt, such as JPG pictures or Word DOCs. Although it appears to be making an earnest attempt at encrypting the victim's content, either a bug or deliberate lack of care on the part of its programmer causes the feature to mishandle its internal marker. This error makes the file permanently illegible, in contrast to a properly enciphered one that the victim could restore by decrypting it.
The Radiation Ransomware also creates several messages asking for money in return for a decryption service from its author (valueless, as per the above paragraph). These instructions include a desktop wallpaper, a Notepad text file, and a bright red HTML pop-up. Since paying can't restore any content that current versions of the Radiation Ransomware lock, fulfilling the extortion conditions has no advantages for the victim. Malware experts also recommend against paying Bitcoins or other non-refundable cryptocurrencies to extortionists, particularly in situations where the extortionists suffer no penalties from breaking their word.
Keeping the Heat from Getting to Your PC
The Radiation Ransomware's author may not mean for its attack to be truly irreversible, but whether the issue arises from intent or oversight, the victim's files are just as corrupted. Password-protecting your network backups and keeping your peripheral storage devices detached from your primary PC can limit the access that Trojans like the Radiation Ransomware have to your media. Some families of Trojans with similar payloads and symptoms also are open to public decryption programs, although malware experts never recommend a reliance on them, alone, for preserving your data.
The Radiation Ransomware has yet to finish its development cycle, and its threat actors could use different means of circulating and installing it. Trends for installing Trojans with file-encoding attacks include using RDP features, brute-force hacking the victim's login data, spamming forged e-mail attachments, and using exploit kits that victims may encounter while surfing the Web. The majority, if not all, of these attacks are resolvable by having anti-malware products monitor your PC and remove the Radiation Ransomware automatically, or block the exploits that could install it.
There's not much incentive for the Radiation Ransomware's author to make significant improvements to the Trojan, as it stands. Since Bitcoin ransoms aren't refundable without the other party's consent, the Radiation Ransomware could be the start of a Trojan campaign that gets money for giving you nothing more than an infection.
Technical Details
File System Modifications
The following files were created in the system:
file.exe
File name: file.exe
Size: 311.29 KB (311296 bytes)
MD5: e7e2366f75f01f4639b57b77b1504d83
Detection count: 54
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: July 3, 2017