DarkRadiation Ransomware

The DarkRadiation ransomware is focused on attacks against Linux systems, mostly based on Debian distributions.

DarkRadiation uses SSH access to move laterally inside the system and be able to deploy the ransomware. It is written in bash script, then they use an open source code called ‘node-bash-obsfucated’, made in Node.js, it messes up the code, making it impossible to read the data.

His first task is to find the root/administrator accesses, then he removes it with a message in code.

After that he creates a user automatically generated by the malware, then lists all the existing ones, and deletes all the ones he did not generate himself. Thus, it blocks all your accesses, removing your users, preventing them from accessing your device.

After the encryption process is complete, all affected files are given the extension “.ReadMe”, and a file is left on the desktop containing the terms for paying the ransom.

DarkRadiation Ransomware

Recover Files Encrypted by DarkRadiation Ransomware

Digital Recovery has been in the data recovery market for over two decades, all this time has given us the ability to perform in the most complex data loss scenarios.

We have developed unique technologies, which enable us to recover data encrypted by ransomware on any storage device, whether HDDs, SSDs, Databases, Servers, Storages, RAID systems, Virtual Machines and others.

Because we know that the confidentiality of information in these cases is essential, we have developed the confidentiality agreement (NDA).

We offer our customers the option to activate emergency mode recovery, in which case our labs operate with 24×7 availability. We can also recover data remotely, anywhere in the world.

Contact our experts and get started with data recovery now.

Through unique technologies Digital Recovery can bring back encrypted data on any storage device, offering remote solutions anywhere in the world.