Radman is a ransomware that tries to make victims pay a $980 ransom in Bitcoin by locking all personal files on their device. Radman ransomware belongs to one of the most prolific malware families, STOP/Djvu.
Developers of the Radman virus might employ a variety of distribution methods, including:
- Spam emails
- Fake updates
- Unprotected RDP connections
- Hacking tools or software cracks (Windows activator)
- Web injects
- Torrent files
- Repacked installers, etc.
Radman performs a variety of changes to the Windows OS, including modifying the registry, establishing a connection with the Command & Control server, terminating Shadow Volume Copies, etc. After that, the malware scans the device for personal files such as .pdf, .avi, .doc, .xlsx, .html, .zip, and others, and locks them with a sophisticated encryption algorithm, generating a unique key in the process and sending it off to the remote server controlled by hackers.
One sample of Radman dropped the following ransom note on the victim's machine:
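The paragraph above names two behaviours a defender can look for on an endpoint: Shadow Volume Copy termination and mass encryption of personal files of the listed types. The following script is an added example, not code from the original page or from any security vendor; it runs a small triage over constructed, Sysmon-like event records and flags processes that delete shadow copies or that write many encrypted copies of targeted files. The event shape, the `.encrypted` suffix (the page does not state the real one) and the rename threshold are all assumptions.

```python
"""
Added example (not from the original page): defender-side triage over
constructed endpoint events for the two Radman/STOP-Djvu behaviours the
page describes -- Shadow Volume Copy termination and mass file encryption.

Assumptions (not taken from the page):
  * Each event is a dict: {"type": "process", "pid", "image", "cmdline"}
    or {"type": "file", "pid", "image", "path"} (Sysmon-like shape).
  * The ransomware appends an extension to every encrypted file; the value
    ".encrypted" below is a placeholder, since the page does not state it.
  * A real deployment would read events from an EDR/SIEM export.
"""
import re
from collections import defaultdict

# Personal-file types the page says the malware targets.
TARGET_EXTENSIONS = {".pdf", ".avi", ".doc", ".xlsx", ".html", ".zip"}

# Command-line fragments that indicate Shadow Volume Copy deletion.  These are
# standard Windows administrative tools; the point is to flag their use by an
# unexpected process, e.g. one launched from a user-writable directory.
SHADOW_DELETE_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I),
]

ENCRYPTED_SUFFIX = ".encrypted"   # placeholder; real suffix not on the page
MASS_RENAME_THRESHOLD = 5         # assumption; tune to the environment


def shadow_copy_alerts(events):
    """Return (pid, image, cmdline) for process events deleting shadow copies."""
    hits = []
    for ev in events:
        if ev.get("type") != "process":
            continue
        cmd = ev.get("cmdline", "")
        if any(p.search(cmd) for p in SHADOW_DELETE_PATTERNS):
            hits.append((ev["pid"], ev["image"], cmd))
    return hits


def mass_encryption_alerts(events, threshold=MASS_RENAME_THRESHOLD):
    """Return {pid: count} for processes that wrote at least `threshold`
    files whose name is a targeted personal file plus the encrypted suffix."""
    counts = defaultdict(int)
    for ev in events:
        if ev.get("type") != "file":
            continue
        path = ev.get("path", "").lower()
        if not path.endswith(ENCRYPTED_SUFFIX):
            continue
        original = path[: -len(ENCRYPTED_SUFFIX)]
        if any(original.endswith(ext) for ext in TARGET_EXTENSIONS):
            counts[ev["pid"]] += 1
    return {pid: n for pid, n in counts.items() if n >= threshold}


def triage(events):
    """Combine both detectors; a pid appearing in both is the strongest signal."""
    shadow_pids = {pid for pid, _, _ in shadow_copy_alerts(events)}
    mass = mass_encryption_alerts(events)
    return {
        "shadow_copy_deletion": sorted(shadow_pids),
        "mass_encryption": mass,
        "both": sorted(shadow_pids & set(mass)),
    }


# Constructed sample: pid 4242 (binary in a user profile directory) deletes
# shadow copies and encrypts six targeted files; pid 1200 is benign activity;
# pid 3000 writes a single encrypted file, which stays below the threshold.
_MAL_IMAGE = r"C:\Users\victim\AppData\Local\abcd\build.exe"
_DOCS = r"C:\Users\victim\Documents"
SAMPLE_EVENTS = [
    {"type": "process", "pid": 4242, "image": _MAL_IMAGE,
     "cmdline": "vssadmin.exe delete shadows /all"},
    {"type": "process", "pid": 1200, "image": r"C:\Windows\explorer.exe",
     "cmdline": "explorer.exe"},
    {"type": "file", "pid": 1200, "image": r"C:\Windows\explorer.exe",
     "path": _DOCS + r"\notes.txt.encrypted"},          # not a targeted type
    {"type": "file", "pid": 3000, "image": r"C:\Tools\sync.exe",
     "path": _DOCS + r"\single.pdf.encrypted"},          # one file only
] + [
    {"type": "file", "pid": 4242, "image": _MAL_IMAGE,
     "path": _DOCS + "\\" + name + ENCRYPTED_SUFFIX}
    for name in ("a.pdf", "b.xlsx", "c.doc", "d.zip", "e.html", "f.avi")
]


if __name__ == "__main__":
    for key, value in triage(SAMPLE_EVENTS).items():
        print(f"{key}: {value}")
```

Running the script reports pid 4242 under both detectors; the single encrypted file from pid 3000 and the non-targeted `.txt` write from pid 1200 produce no alert, which is the intended behaviour of the threshold and extension filter.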
> To get this software you need write on our e-mail: email@example.com
> Reserve e-mail address to contact us: firstname.lastname@example.org
> Our Telegram account: @datarestore