Inspection Report on Radiation Ransomware
Right after the massive Petya/NotPetya ransomware attacks, Radiation Ransomware was found in the wild demanding $310 USD as ransom in exchange for a data decryption password. Unlike other ransomware, it encrypts files without appending an extension or changing file names, yet it renders all of them completely unusable. We suggest that you avoid paying the ransom of 310 USD (in Bitcoin), because the ransomware seems to be in its development phase and there is no money-back guarantee, so you can do nothing if the supplied decryption key doesn't work. A few victims have posted complaints about its developers' evasive behaviour: after being paid, they simply stop answering emails and block your email address without your consent.
Radiation Ransomware is also known as Hell Radiation malware. It targets corporate office systems and personal computers in order to boost its operators' Bitcoin account balance. Apparently, the infection is always triggered by ChaseBot.exe, which works as a trojan dropper and distributes the ransomware among potential victims. Next, it creates these files on your system: decrypter.exe, public.me, private.me, decrypt.exe, decrypt.txt, ChaseBot.exe, ADIATION.bin, RADIATION.txt and memes.jpg. To remove the ransomware completely, you need to delete each of these files carefully. Unfortunately, Radiation Ransomware is new and research is still under way. We will update this page with more specific information in a few days.
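The file names listed above can be swept for before cleanup. The following Python sketch is an added example, not part of the original report or of any vendor tool: it walks a directory tree, matches the names exactly as this article spells them (case-insensitively), and reports only folders where several of them occur together, because names such as memes.jpg or decrypt.txt are common on their own. The threshold of two names and the sample folder layout are assumptions made for the example.

```python
import os
import tempfile
from collections import defaultdict

# File names the article lists as dropped by Radiation Ransomware
# (spelled exactly as in the article, compared case-insensitively).
INDICATOR_NAMES = {n.lower() for n in (
    "decrypter.exe", "public.me", "private.me", "decrypt.exe", "decrypt.txt",
    "ChaseBot.exe", "ADIATION.bin", "RADIATION.txt", "memes.jpg",
)}

# Assumption: one generic name alone (e.g. memes.jpg) is weak evidence, so a
# directory is only reported when this many distinct names co-occur.
MIN_DISTINCT = 2


def find_artifacts(root):
    """Map each directory under root to the sorted indicator files it holds."""
    hits = defaultdict(set)
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            if name.lower() in INDICATOR_NAMES:
                hits[dirpath].add(name)
    return {d: sorted(names) for d, names in hits.items()}


def suspicious_dirs(root, min_distinct=MIN_DISTINCT):
    """Directories holding at least min_distinct distinct indicator names."""
    found = find_artifacts(root)
    return {d: names for d, names in found.items()
            if len({n.lower() for n in names}) >= min_distinct}


def build_sample_tree(base):
    """Constructed sample: one planted drop folder, one benign folder."""
    drop = os.path.join(base, "Users", "demo", "AppData")
    benign = os.path.join(base, "Users", "demo", "Pictures")
    os.makedirs(drop)
    os.makedirs(benign)
    for name in ("chasebot.exe", "RADIATION.txt", "public.me", "notes.docx"):
        open(os.path.join(drop, name), "w").close()
    open(os.path.join(benign, "memes.jpg"), "w").close()
    return drop, benign


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for folder, names in suspicious_dirs(tmp).items():
            print(folder, "->", ", ".join(names))
```

To check a real machine, call `suspicious_dirs` on a drive root or user profile and review each reported folder by hand before deleting anything.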
Radiation Ransomware: Distribution Means
- Through junk email attachments including exploit kits, payloads, trojan droppers or macro-enabled documents.
- Via P2P networks, free file hosting sites, open wireless networks, phishing domains and hacked websites.
- Bundled with packages of pirated programs, keygens, patches and untrustworthy Windows activators.
- Through infected USB drives containing infected files or executables of Radiation Ransomware.
Hence, if you really want to safeguard your computer, you must protect it with an efficient anti-spyware product. When choosing one, you can take suggestions from IT experts or your friends to find a better product with multi-layered security measures. To prevent the attack, you must also avoid opening attached files that arrive from untrusted sources and offer unbelievable deals, shipping invoices or bank transaction details. Finally, use the instructions below to uninstall Radiation Ransomware and restore your encrypted files:
Steps To Delete Radiation Ransomware From System
Procedure 1: Reboot Your System In Safe Mode
How To Start Computer In Safe Mode with Networking (Win XP/Vista/7)
- Restart your system. Just before Windows starts, press F8 repeatedly on your keyboard. You will be presented with the Advanced Options Menu.
- Select Safe Mode with Networking from the selection options. Please use the keyboard’s arrow up or down to navigate between selections and then hit Enter to proceed.
Method To Start Win 8 In Safe Mode With Networking
- Restart your system and, as soon as it begins to start, press the Shift+F8 keys.
- Instead of showing the Advanced Boot Options, Win 8 will display the Recovery Mode. Continue with the given instructions until you reach the Safe Mode function.
- Tap on ‘See advanced repair options’.
- Then click on Troubleshoot.
- Next, select Advanced options.
- On the next window, choose Windows Startup Settings.
- Finally, click on the Restart button. Windows 8 will restart and boot into the Advanced Boot Options, where you can run the computer in Safe Mode with Networking.
Procedure 2: ShadowExplorer can be really helpful in restoring your files encrypted by Radiation Ransomware
When Radiation Ransomware attacks, it generally tries to delete all shadow copies stored on your computer. However, there is a chance that it does not manage to delete the shadow copies every time, so you can try to restore the original files from them.
Follow these simple steps to restore original files through ShadowExplorer
- Download ShadowExplorer from http://www.shadowexplorer.com/downloads.html.
- Install it on your system.
- Open ShadowExplorer and select the C: drive in the left panel.
- Choose a date at least one month ago in the date field.
- Go to the folder that holds the encrypted files.
- Right-click the encrypted files.
- Export the original files and choose a destination to store them.
Procedure 3: System restore can be another method to restore your encrypted files
- Open start >> All Programs >> Accessories >> System tools >> System Restore.
- Click Next to go to the restore window.
- See which restore points are available and choose one at least 20 to 30 days back.
- Once it is selected, click Next.
- Choose disk c: (it must be selected by default).
- Click Next. System Restore will start working and should finish in a few minutes.
Procedure 4: Another method for recovering your encrypted files is to use file recovery software
If the above methods are not successful, you can turn to file recovery software. It can help in recovering your encrypted files because Radiation Ransomware first makes a copy of the original files and encrypts that copy, and only after encryption deletes the originals. So there is a high probability that file recovery software can help you recover your original files. You can find links to some of the best file recovery software below.
- Recuva : you can download from http://www.piriform.com/recuva/download
- TestDisk: you can download from http://www.cgsecurity.org/wiki/TestDisk_Download
- Undelete 360: you can get it from http://www.undelete360.com/
- Pandora Recovery: you can download from http://www.pandorarecovery.com/
- MiniTool Partition Recovery: you can get it from http://www.minitool.ca/