Radiation is an encryption ransomware Trojan that runs on Microsoft Windows. Radiation may also be known by the alias 'Hell Ransomware'.

Payload

When executed, Radiation displays a ransom note that features a background of fiery flames, and changes the victim's Desktop to display the same ransom note and image. The text in these ransom notes reads as follows:

Ugh.. oh!
Your Files Are Encrypted!
To retrieve your files
Please Refer to decrypt.exe and decrypt.txt
These files can be found on your desktop
#Hell Ransomware Made by KingCobra

As mentioned above, Radiation drops several files on infected computers as part of its attack. Radiation variants have been observed to drop the following files on targeted computers:

  • %TEMP%\ChaseBot.exe
  • %TEMP%\NativeRansomware.exe.bin.exe
  • %TEMP%\RADIATION.bin
  • %TEMP%\decrypter.exe
  • %TEMP%\memes.jp
  • %USERPROFILE%\Desktop\RADIATION.txt
  • %USERPROFILE%\Desktop\decrypt.txt
  • %USERPROFILE%\Documents\Visual Studio 2013\Projects\Decrypter\Decrypter\obj\Debug\Decrypter.pdb
  • %USERPROFILE%\private.me
  • %USERPROFILE%\public.me
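
The paths listed above can be checked against file-creation records collected from endpoints. The following Python code is an added example, not part of the original article: it assumes the default C:\Users\<name> profile layout with the per-user Temp folder under AppData\Local\Temp, and the function names and sample records are constructed for illustration.

```python
import re
from collections import defaultdict

# Dropped files as listed on the page, grouped by the environment variable they sit under.
INDICATORS = {
    "%TEMP%": ["ChaseBot.exe", "NativeRansomware.exe.bin.exe", "RADIATION.bin",
               "decrypter.exe", "memes.jp"],
    "%USERPROFILE%": [r"Desktop\RADIATION.txt", r"Desktop\decrypt.txt", "private.me", "public.me",
        r"Documents\Visual Studio 2013\Projects\Decrypter\Decrypter\obj\Debug\Decrypter.pdb"],
}
# Assumption: default profile layout, C:\Users\<name>, with Temp under AppData\Local\Temp.
PROFILE = r"[a-z]:\\users\\[^\\]+"
ROOTS = {"%USERPROFILE%": PROFILE, "%TEMP%": PROFILE + r"\\appdata\\local\\temp"}
# One regex per indicator, matching the listed path under any user's profile.
PATTERNS = [(f"{var}\\{rel}", re.compile(ROOTS[var] + r"\\" + re.escape(rel.lower())))
            for var, rels in INDICATORS.items() for rel in rels]

def match_indicator(path):
    """Return the listed indicator a concrete path corresponds to, or None."""
    norm = path.strip().replace("/", "\\").lower()  # Windows paths are case-insensitive
    for template, rx in PATTERNS:
        if rx.fullmatch(norm):
            return template
    return None

def sweep(events, threshold=2):
    """Report hosts with at least `threshold` distinct indicators.
    Names like decrypt.txt are generic, so a single hit is treated as weak evidence."""
    hits = defaultdict(set)
    for host, path in events:
        template = match_indicator(path)
        if template:
            hits[host].add(template)
    return {h: sorted(t) for h, t in hits.items() if len(t) >= threshold}

# Constructed sample file-creation records (host, path); not real telemetry.
SAMPLE_EVENTS = [
    ("WS-01", r"C:\Users\alice\AppData\Local\Temp\RADIATION.bin"),
    ("WS-01", r"C:\Users\alice\Desktop\decrypt.txt"),
    ("WS-01", r"C:\Users\alice\private.me"),
    ("WS-02", r"C:\Users\bob\Desktop\decrypt.txt"),       # lone generic name
    ("WS-02", r"C:\Users\bob\Documents\RADIATION.txt"),   # right name, wrong folder
    ("WS-03", r"C:\Users\carol\Downloads\ChaseBot.exe"),  # right name, wrong folder
]

if __name__ == "__main__":
    for host, found in sweep(SAMPLE_EVENTS).items():
        print(host, found)
```

With the sample records only WS-01 is reported; lowering threshold to 1 also surfaces WS-02, at the cost of flagging any host that merely has a decrypt.txt on a Desktop.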

The main purpose of Radiation is to profit at the expense of the victim, taking the victim's files hostage to demand the payment of a ransom. Once Radiation encrypts files, they will no longer be readable, and the victim's applications will fail to load any of the affected files. Unfortunately, once a file has been encrypted in a Radiation attack, it will be unrecoverable. Radiation's creators threaten the victim by demanding that a ransom of $300 USD, paid in Bitcoins, be transferred to the con artists' Bitcoin wallet. The con artists claim that a decryption tool, a file named 'decrypter.exe', will be able to recover the affected files. The Radiation decryptor file will display the following message in a program window with the name 'the Radiation Ransomware' on the infected computer:

Note your files are encrypted with AES + RSA encryption This is not normal. In order to get your files back 
send 310$ to the bitcoin address below There is no other way to decrypt your files. Any attempt to remove 
the ransomware may result in deletion of files and loss of data! Only Bitcoin is accepted For more info on how to buy bitcoin click the button below
Bitcoin Address [35 RANDOM CHARACTERS]
[How to Buy Bitcoin]
[Check Payment] [Decrypt]