Radman is a ransomware strain that tries to extort a $980 ransom, payable in Bitcoin, from victims by encrypting all personal files on their device. Radman belongs to STOP/Djvu, one of the most prolific malware families.

Payload

Transmission

Developers of the Radman virus may use a variety of distribution methods, including:

  • Spam emails
  • Fake updates
  • Exploits
  • Unprotected RDP connections
  • Hacking tools or software cracks (Windows activator)
  • Web injects
  • Torrent files
  • Repacked installers, etc.

Infection

Radman makes a variety of changes to the Windows OS, including modifying the registry, establishing a connection with its command and control (C&C) server, and deleting Shadow Volume Copies. It then scans the device for personal files such as .pdf, .avi, .doc, .xlsx, .html and .zip, and encrypts them with a sophisticated encryption algorithm, generating a unique key in the process and sending it to a remote server controlled by the attackers.

One sample of Radman dropped the following ransom note on the victim's machine:

To get this software you need write on our e-mail:
bufalo@firemail.cc

Reserve e-mail address to contact us:
gorentos@bitmessage.ch

Our Telegram account:
@datarestore