DarkRadiation Ransomware

DarkRadiation ransomware is focused on attacks against Linux systems, mostly based on Debian distributions.

DarkRadiation uses SSH access to move laterally inside the system and be able to deploy the ransomware. It is written in bash script, then they use an open source code called ‘node-bash-obsfucated’, made in Node.js, it messes up the code, making it impossible to read the data.

His first task is to find root/administrator accesses, then he removes it with a message in code.

After that, he creates a user automatically generated by the malware, then lists all the existing ones, and deletes all those not generated by himself. Thus, it blocks all your accesses, removing your users, preventing them from accessing your device.

After the encryption process is complete, all affected files are given the extension “.ReadMe”, and a file is left on the desktop containing the terms for paying the ransom.

Recover Files Encrypted by DarkRadiation Ransomware

Digital Recovery has been in the data recovery market for over two decades, all this time has given us the ability to perform in the most complex data loss scenarios.

We have developed unique technologies, which enable us to recover data encrypted by ransomware on any storage device, whether HDDs, SSDs, Databases, Servers, Storages, RAID systems, Virtual Machines and others.

Our solutions are exclusive and were developed by our specialists based on the General Data Protection Regulation (GDPR). Because we know that the confidentiality of information in these cases is essential, we have developed the confidentiality agreement (NDA).

We offer our customers the option to activate the recovery in emergency mode, in this mode our laboratories operate with a 24×7 availability. We can also recover data remotely, covering all parts of the world.

Contact our experts and start recovering your data now.

We are
always online

Please fill out the form, or select your preferred contact method. We will contact you to start recovering your files.

Latest insights from our experts

Ransomware AtomSilo

AtomSilo Ransomware

The AtomSilo ransomware emerged in September 2021, the group acts a little differently than other ransomware groups, the ransom amount is fixed, $1 million is

Khonsari Ransomware

Khonsari Ransomware

The Khonsari ransomware was the first group to exploit known Apache Log4j vulnerabilities (CVE-2021-44228 and CVE-2021-45046), the group has focused its attacks on Windows servers that


Through unique technologies Digital Recovery can bring back encrypted data on any storage device, offering remote solutions anywhere in the world.