RADAR Ransomware Should Be On Your Radar
Ransomware remains one of the most formidable threats users face online. Among the entrants in this domain is RADAR Ransomware, a malicious program that encrypts files and demands a ransom for their decryption. Let's look at what RADAR Ransomware is, how it operates, and what steps can be taken to protect against it.
What is RADAR Ransomware?
RADAR Ransomware is a type of malicious software that follows a typical modus operandi. It encrypts files on an infected system and appends filenames with a random character string. For instance, a file originally named "picture.png" might be transformed into "picture.png.W36G8ePNp" after encryption.
Once encryption is complete, RADAR Ransomware changes the desktop wallpaper and drops a ransom note titled "README_FOR_DECRYPT.txt". The note informs the victim that their files have been encrypted and their data stolen, and it threatens to leak the stolen information unless the ransom demands are met.
Check out the ransom note below:
Your network has been breached and all major data were encrypted.
Important files have been downloaded from your servers and are ready to be published on TOR blogs. To decrypt all the data and prevent exfiltrated files to be disclosed on TOR blogs, data leak forums, data leak databases, telegram channels etc with lot of tags/videos on twitter/facebook you should purchase our decryption tool. We will provide you a proof video how our Decryption Tool works.
Please contact our sales department at Skype: XXXXXXX
We appreciate and respect everyone, that's why in Skype you will get a proof, we will record a video of 5-10 files of your choice.
Follow the guidelines below to avoid losing your data:
- Do not modify, rename or delete encrypted files. In result your data will be undecryptable.
- Do not modify or rename encrypted files. You will lose them.
- Do not report to the Police, FBI, etc. They don't care about your business. They simply won't allow you to pay. As a result you will lose everything and your data, recorded data on videos etc will be published.
- Do not hire a recovery company. They can't decrypt files without our Decryption Tool. They also don't care about your business. They believe that they are good negotiators, but it is not. They usually fail. You should contact with us yourself and we'll guarantee you 100% successful decryption without any loss + exfiltrated data erasing from our servers.
- Do not reject to purchase RADAR Decryptor from us, otherwise exfiltrated files will be publicly disclosed with video of files.
P.S. Do not repeat the same mistakes as other companies did with us, for example our old case with a small Spain Company: XXXXXXX Their Website - XXXXXXX
Our media team published files and videos, because they didn't pay as in time. Small part of proofs:
XXXXXXX
XXXXXXX
XXXXXXX
XXXXXXX
Lot of telegram channels like XXXXXXX , XXXXXXX , all darkweb resources list from here - XXXXXXX
We have a direct contact with a list of ransomware owners in jabber and tox, you can see all the companies that refused to cooperate with us, TOR/onion URLs:
hxxp://xb6q2aggycmlcrjtbj[redacted]sqb4nx6cmod3emy7sad.onion
hxxp://mbrlkbtq5jonaqkurj[redacted]4rgjbkkknndqwae6byd.onion
hxxp://bianlianlbc5an4kgn[redacted]gczopmm3dnbz3uaunad.onion/
hxxp://alphvmmm27o3abo3r2[redacted]5xsj7j7ejksbpsa36ad.onion
hxxp://knight3xppu263m7g4[redacted]h7vjdc3zrscqlfu3pqd.onion/
For XXXXXXX we hired 3rd party team of data analysts with OSINT-specialists. Because of adding such 3rd parties, the price for Decryption Tool and exfiltrated data erasing has been increased. In result they suffered significant problems due disastrous consequences, leading to loss of valuable intellectual property and other sensitive information, GDPR issues, costly incident response efforts, information misuse/abuse, loss of customer trust, brand and reputational damage, legal and regulatory issues. And it will never end for them, as their files are constantly downloaded and videos are viewed by people from all over the World.
That's why we don't recommend to ignore us. Let's respect each other's time.
With best Regards, RADAR
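As an added example (not code from the article or from the malware), the following Python flags the two host-level indicators described above, the random suffix appended after the original extension and the README_FOR_DECRYPT.txt note, over a constructed file inventory. The 9-character suffix length and the alert threshold are assumptions drawn from the single sample name "picture.png.W36G8ePNp".

```python
"""Added example (not from the article): flag the RADAR file-renaming pattern.

Observed behaviour: "picture.png" -> "picture.png.W36G8ePNp" (original extension
kept, random alphanumeric suffix appended) plus a README_FOR_DECRYPT.txt note.
Assumptions: a 9-character suffix and the min_hits threshold below."""
import re
from collections import Counter
from pathlib import PurePosixPath

NOTE_NAME = "README_FOR_DECRYPT.txt"
# original name with a normal extension, then a dot and the appended 9-char suffix
SUFFIX_RE = re.compile(r"^(?P<orig>.+\.[A-Za-z0-9]{1,5})\.(?P<suffix>[A-Za-z0-9]{9})$")


def split_encrypted_name(name):
    """Return (original_name, suffix) when name matches the pattern, else None."""
    m = SUFFIX_RE.match(name)
    return (m.group("orig"), m.group("suffix")) if m else None


def scan_paths(paths, min_hits=5):
    """Summarise file paths (e.g. a file-server inventory or EDR file events).
    'suspicious' is set when a note sits beside suffixed files, or when the
    number of suffixed files alone reaches min_hits."""
    suffixed, note_dirs, per_dir = [], set(), Counter()
    for p in paths:
        path = PurePosixPath(p)
        if path.name == NOTE_NAME:
            note_dirs.add(str(path.parent))
            continue
        hit = split_encrypted_name(path.name)
        if hit:
            suffixed.append((str(path), hit[0]))  # keep the recovered original name
            per_dir[str(path.parent)] += 1
    return {
        "encrypted_count": len(suffixed),
        "note_dirs": sorted(note_dirs),
        "dirs_with_both": sorted(d for d in note_dirs if per_dir[d]),
        "suspicious": bool(note_dirs and suffixed) or len(suffixed) >= min_hits,
    }


# Constructed sample inventory, not real data.
SAMPLE_PATHS = [
    "/srv/share/finance/picture.png.W36G8ePNp",
    "/srv/share/finance/budget.xlsx.W36G8ePNp",
    "/srv/share/finance/README_FOR_DECRYPT.txt",
    "/srv/share/hr/contract.docx.W36G8ePNp",
    "/srv/share/hr/notes.txt",
    "/srv/share/public/archive.tar.gz",
]
```

Feeding `scan_paths` a real inventory and alerting on `suspicious` gives an early signal; the recovered original names also tell you which files to restore from backup.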
The Double-Extortion Tactic
The ransom note left by RADAR Ransomware serves a dual purpose: it demands payment for decrypting the files and warns victims that their data will be publicly released if the ransom is not paid. This method, known as double extortion, increases the pressure on victims to comply with the attackers' demands. The note further details the cyber criminals' past attacks and the corporate leaks they have executed, underscoring the seriousness of the threat.
Victims are often allowed to decrypt a small number of files (5-10) to demonstrate the attackers' decryption capability. However, any attempt to rename, modify, or delete the encrypted files can render them undecryptable, adding another layer of difficulty for the victim.
The Risks of Paying the Ransom
While paying the ransom might seem like the quickest way to regain access to encrypted files, it is fraught with risks. Experience shows that decryption is often impossible without the criminals' intervention, and even paying does not guarantee that the decryption tools will be provided. Moreover, paying the ransom funds criminal activity and perpetuates the cycle of ransomware attacks.
Authorities and cybersecurity experts strongly advise against meeting the attackers' demands. Instead, removing the ransomware from the operating system is crucial to prevent further data encryption. Unfortunately, removal alone does not restore the already encrypted files. The best solution remains to recover the data from a backup, highlighting the importance of regular data backups.
Preventive Measures and Best Practices
Preventing ransomware infections requires a multifaceted approach. Here are key strategies to safeguard against threats like RADAR Ransomware:
1. Regular Backups
Keep backups of important data in multiple locations, such as unplugged storage devices, remote servers, and cloud storage. This ensures that even if one backup is compromised, others remain intact.
2. Vigilant Browsing and Email Practices
Exercise caution when browsing the internet and handling email. Don't open attachments or click links from unknown or suspicious sources, and treat emails from unfamiliar senders with scepticism, especially those requesting personal information or carrying urgent messages.
3. Use of Trusted Software
Download software exclusively from official and trustworthy channels. Avoid using third-party tools for software activation or updates, as these can contain malware.
4. Updated Security Measures
Make sure that your antivirus and anti-malware software is always up to date. These tools are there to detect and block ransomware before it can cause harm.
Understanding Ransomware Distribution
Ransomware, including RADAR, is primarily distributed through phishing and social engineering tactics. Malicious software is often disguised as legitimate files such as executables, archives, or documents. Common proliferation methods include backdoor trojans, drive-by downloads, malicious email attachments, dubious download sources, and malvertising. Some ransomware can even spread via local networks and removable storage devices.
Final Thoughts
RADAR Ransomware represents a significant threat in the digital world, employing advanced tactics like double extortion to coerce victims. Understanding how such ransomware operates and taking proactive measures to safeguard your data are crucial in defending against these attacks. Regular backups, vigilant browsing habits, and updated security measures are your best defense against ransomware's disruptive and costly impact. Stay informed, stay protected, and remember that the best way to combat ransomware is through prevention and preparedness.