If your are finding that your all stored files on the System is encrypted then your System must have infected with the data locking or ransomware infection. Recently, several variant of ransomware attacks Windows PC but among all Radiation Ransomware is one of the most disastrous ones. This post will teach you actually what is it and how can you get rid of Radiation Ransomware from your Computer.
Facts Worth To Know About Radiation Ransomware
According to the depth analysis by malware researchers, Radiation Ransomware has been considered as the most dangerous System infection which is still in progress. It has the ability to infect almost all System that executes on Windows based Operating System including Windows Server 2000, Server 2005, Server 2008, XP, Vista, NT, Me, 7, 8, 10 and do on. Like other ransomware, it also encrypts files, makes them inaccessible and asks victim to pay ransom fee but does not add any extension to the end of the targeted filename. Radiation Ransomware is mainly triggered by ChaseBot.exe file. Once it successfully executed on the PC, it perform several notorious action. It automatically creates and drops new suspicious file to terminate the executing System processes.
Transmission Peculiarities of Radiation Ransomware
There are numerous ways through which Radiation Ransomware lurks inside the PC but some of the most common are listed below :
- Whenever user opens spam emails or junk mail attachments that sent from unknown senders.
- Turned off firewall setting will make your PC vulnerable.
- Updating software through redirected links may lead you to such an infection.
- Sharing file over the P2P network may also cause the payload of such a ransomware.
- Downloading and installing of any freeware packages from unknown sources may lead your PC to such an infection.
Infection Flow of Radiation Ransomware
The primary objective of its Creator is to start the built-in encryption module that actually developed to alter the original code of targeted files using two strong RSA and AES cipher algorithm. It infects almost all types of file such as images, documents, videos, musics, archives, projects, files, text, databases etc and left them inaccessible. Once completed the encryption procedure, it automatically assign the original wallpaper as desktop background. By displaying ransom message, victims are encourages to open decrypt.txt and decrypt.exe. However, victim could not help themselves and left their nickname at end stating that 'Hell Ransomware Made by KingCobra'. Apart from the ransom message, it displays an additional window.
Detailed Analysis of Additional Window displayed by Radiation Ransomware
This ransomware contains an additional window that featured with three sections including “How to buy bitcoin”, “Check Payment” and “Decrypt”. By clicking on the first button, you will get the list of all steps that are expected to be applies for completing a transaction of bitcoins into the hacker's bitcoin wallet. Hackers call themselves KingCobra is only to scare victim and gain profit from them. By seeing ransom message, most of the innocent user easily get agreed to pay 310 US dollar to cyber hacker. If you are also one of its victim and agreed to pay ransom fee then you need to be think twice before doing so.
Do not pay ransom fee demanded by Radiation Ransomware
Ransom note is only just a tricky thing to scare victim and urges them to pay ransom fee. Paying ransom money is only encouraged team of cyber hackers to promote their evil intention. Victim can recover their file using backup copy but if you have not then you need to take an immediate action to delete Radiation Ransomware rather than making deal with the remote attackers. Removal of this ransomware is possible using manual or automatic method. Manual method will consume too much time and effort which is usually handled by only technical expert. If you are not among them then you need to opt automatic removal solution.
|Symptoms||It encrypts your all stored files, makes then unreadable, changes desktop wallpaper and asks victim to pay ransom fee.|
|Detection Tool:||Radiation Ransomware may not be easy to remove – try spyhunter a professional tool to remove Radiation Ransomware – to get rid of it.|
"Spyhunter detects the threat for you without any cost, but for removing it you have to buy the software"
Radiation Ransomware Removal Process
Reboot your system in safe mode (Read the tutorial how to boot in safe mode if you don’t know)
Un check all hidden files and folder properties (Know how to do it)
This is important as the Radiation Ransomware may be hidden it’s files.
Check your host file , if it is hijacked by Radiation Ransomware trojan
Pres Windows+R key to open search field
Type : “notepad %windir%/system32/Drivers/etc/hosts” hit enter
A file will open and if you are hijacked a new ip or bunch of ip’s will appear on the bottom of the page. You can see it in the image below.
127.0.0.1 188.8.131.52 #Radiation Ransomware – Ransomware
127.0.0.1 184.108.40.206 #Radiation Ransomware – Ransomware
127.0.0.1 173.214.183.01 #Radiation Ransomware– Ransomware
if you find these kind of IP’s related to ransomware then you can follow the Microsoft link to reset the infected host file.
if you are hijacked follow the Microsoft link to reset the infected host file.
Pres Windows+R key to open search field
Type msconfig and hit to open system configuration tab
In startup browse through list of programs and uncheck suspicious/unwanted programs from the list.
Press ctrl+shift+esc to go into windows task manager. There click the processes tab and look out for any suspicious process or virus
if you find any process related to Radiation Ransomware you can right click and “open file location”. once file location is opened you can kill the process there and all the directories from the folder you were sent to.
For your Convenience, You need to work Cautiously: Read Alert
Type Regedit in windows search field.
Once its open click ctrl+F and search for the threat name. If its found then right click and delete its entries.
HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain “Default_Page_URL”
HKEY_LOCAL_Machine\Software\Classes\[ABOUT FILES! Ransomware]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\[ABOUT FILES! Ransomware]
Open windows search field ctrl + r and type these in it
once folder is open kindly search for anything related to ransomware. Make temp folder empty.
A complete guide to decrypt files infected with Radiation Ransomware ransomware See HERE
Kindly write to us if you need furthur help.