Radiation Ransomware

Posted: July 3, 2017
Threat Metric
Threat Level: 10/10
Infected PCs: 15

Radiation Ransomware Description

The Radiation Ransomware is a Trojan that locks your files and creates messages asking for ransoms to unlock them. Although this threat is incomplete, malware experts find that its encryption method is currently buggy and will permanently damage your files beyond any possibility of decryption-based restoration. Use backups to save any media as necessary after removing the Radiation Ransomware or, preferably, block it with an anti-malware solution.

Red is the New Color of Dead Files

Although kidnapping and extortion rely on an implicit promise that the hostage will be returned, con artists aren't necessarily likely to honor their agreements. Even Trojan campaigns that communicate openly with the users they attack may lie, whether intentionally, accidentally or by omission. The Radiation Ransomware, one of the Trojans malware experts are analyzing in the middle of its development, demonstrates how 'in good faith' negotiating can go wrong.

Internally, different components of the Radiation Ransomware refer to the program by the names Radiation, Hell or Native Ransomware. When the user launches it, the Radiation Ransomware begins scanning for media that it can encrypt, such as JPG pictures or Word DOCs. Although it appears to be making an earnest attempt at encrypting the victim's content, either a bug or a deliberate lack of care on the part of its programmer causes the feature to mishandle its internal marker. This error makes the file permanently unreadable, in contrast to a properly enciphered one that the victim could restore by decrypting it.
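Because the damage cannot be reversed by decryption, the practical response is to work out which files need restoring from backup. The following is an added example, not part of the original write-up: a triage script that checks whether JPG and Word files still begin with their format's signature bytes. It assumes the damage alters the start of each file and that files keep their original extensions; neither detail is confirmed by this page, and the function names are illustrative.

```python
import os

# Leading signature ("magic") bytes each format must start with.
SIGNATURES = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".doc": (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",),  # OLE2 compound file
    ".docx": (b"PK\x03\x04",),                        # ZIP container
}

def header_ok(path):
    """True/False for a known media extension, None for any other file."""
    ext = os.path.splitext(path)[1].lower()
    magics = SIGNATURES.get(ext)
    if magics is None:
        return None
    with open(path, "rb") as fh:
        head = fh.read(8)
    # An empty or truncated file fails the check and counts as damaged.
    return any(head.startswith(m) for m in magics)

def triage(root):
    """Walk root and sort media files into intact / damaged / unreadable."""
    report = {"intact": [], "damaged": [], "unreadable": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                ok = header_ok(path)
            except OSError:
                # Locked or permission-denied files are listed, not skipped.
                report["unreadable"].append(path)
                continue
            if ok is None:
                continue
            report["intact" if ok else "damaged"].append(path)
    return report

if __name__ == "__main__":
    import sys
    result = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path in sorted(result["damaged"]):
        print("restore from backup:", path)
    print({kind: len(paths) for kind, paths in result.items()})
```

A file that passes this check is not guaranteed to be intact, since only the leading bytes are inspected; treat the "damaged" list as the minimum set to restore.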

The Radiation Ransomware also creates several messages asking for money in return for a decryption service from its author (a service that, as explained above, is valueless). These messages include a desktop wallpaper, a Notepad text file, and a bright red HTML pop-up. Since paying can't restore any content that current versions of the Radiation Ransomware lock, fulfilling the extortion conditions has no advantages for the victim. Malware experts also recommend against paying Bitcoins or other non-refundable cryptocurrencies to extortionists, particularly in situations where the extortionists suffer no penalties from breaking their word.

Keeping the Heat from Getting to Your PC

The Radiation Ransomware's author may not mean for its attack to be truly irreversible, but whether the issue arises from intent or oversight, the victim's files are just as corrupted. Password-protecting your network backups and keeping your peripheral storage devices detached from your primary PC can limit the access that Trojans like the Radiation Ransomware have to your media. Some families of Trojans with similar payloads and symptoms can also be countered with public decryption programs, although malware experts never recommend relying on them alone for preserving your data.

The Radiation Ransomware has yet to finish its development cycle, and its threat actors could use different means of circulating and installing it. Trends for installing Trojans with file-encoding attacks include using RDP features, brute-force hacking the victim's login data, spamming forged e-mail attachments, and using exploit kits that victims may encounter while surfing the Web. The majority, if not all, of these attacks can be stopped by having anti-malware products monitor your PC and either remove the Radiation Ransomware automatically or block the exploits that could install it.

There's not much incentive for the Radiation Ransomware's author to make significant improvements to the Trojan, as it stands. Since Bitcoin ransoms aren't refundable without the other party's consent, the Radiation Ransomware could be the start of a Trojan campaign that gets money for giving you nothing more than an infection.

Technical Details

File System Modifications

The following files were created in the system:

File name: file.exe
Size: 311.29 KB (311296 bytes)
MD5: e7e2366f75f01f4639b57b77b1504d83
Detection count: 54
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: July 3, 2017