Hell or Radiation ransomware virus, depending on the desktop wallpaper or ransom note’s GUI (graphical user interface) encrypts files without renaming their names but rendering them completely unusable. Hackers demand that victims should pay $310 in bitcoins ransom to decrypt corrupted files. The security experts’ advice is to avoid payment first because the ransomware seems to be in development and there is no guarantee that the malicious code generates working decryption keys and second because often cyber criminals receive the payment but skip sending any answer. Our article covers detailed look at threat’s specifics and provides efficient removal instructions of Hell Radiation ransomware virus.
Manual Removal Guide
Recover Files Encrypted by Hell Radiation
Skip all steps and download anti-malware tool that will safely scan and clean your PC.
SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter
Hell Radiation Ransomware Virus Infection In Details
The infection is triggered by a file called ChaseBot.exe which is detected as Trojan by many antivirus programs. Once it is running on the computer, it is able to perform various malicious actions. It drops and creates new malicious files that contribute to terminating system processes. Files associated with Hell Radiation ransomware virus could be found in the following folder locations:
%TMP%
%WINDIR%
%USERPROFILE%
The primary purpose of Hell Radiation virus is to start its built-in encryption module that is developed to modify the original code of target files with a combination of two strong cipher algorithms – AES and RSA. As a result frequently used files like documents, images, photos, videos, music, projects, archives, databases, text files, etc. are likely to be corrupted and left completely unusable. At this point Hell Radiation data locker virus is not appending particular file extension neither is changing their names.
Hackers pretend that victims would be able to decrypt files only when they gain the decryption key in return for $310 in bitcoins. They display a sequence of ransom messages that guide victims how to act further. First, the desktop wallpaper is changed with an image that depicts the following text:
Ugh.. oh!
Your Files Are Encrypted!
To retrieve your files
Please Refer to decrypt.exe and decrypt.txt
These files can be found on your desktop
#Hell Ransomware Made by KingCobra
The decrypt.txt file mentioned on the image contains paraphrased dialogue between the victims and the hacker:
Q: What’s wrong with my files?
A: Ooops, your important files are encrypted.
It means you will not be able to access them anymore until they are decrypted.
If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely!
Let’s start decrypting!
Q: What do I do?
A: First, you need to pay service fees for the decryption.Please send $300 worth of bitcoin to this bitcoin address BTC 1CryptcfFKJJES1Gh5zAoFtmnPYLCRcMmY
Next, please find an application file named Decrypter. It is the decrypt software.0k follow how to pay the instruction!
(You man need to disable your antivirus for a while.)
Q; How can I trust?
A: Don’t worry about decryption if you make transaction via bitcoin to specific server our give you how pay instruction to bitcoin Address BTC 1CryptcfFKJJES1Gh5zAoFtmnPYLCRcMmY
In addition Hell Radiation ransomware virus locks the PC screen by displaying a popup “Radiation Ransomware” that reads:
Note your files are encrypted with AES + RSA encryption. This is not normal. In order to get your files back send 310$ to the bitcoin address below. There is no other way to decrypt your files. Any attempt to remove the ransomware may result in deletion of files and loss of data! Only Bitcoin is accepted. For more info on how to buy bitcoin click the button below.
Three clickable buttons on the popup open new windows with additional information about “How to Buy Bitcoin”, “Check Payment” and a “Decrypt” option. Any payment transactions are to be excluded because the rasomware is believed to be in development and it is highly possible that there are no working decryption keys.
Read More: Lalabitch Ransomware Removal Instructions, Random6 Virus
Hell Radiation virus writes files and then terminates processes that support its malicious actions during infection completion. The virus can even create its processes that ensure its stable presence on the PC and usually enable its automatic execution each time the Windows OS starts. For the purpose it touches the following registry keys by adding and changing the values in them:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
By starting the PC in Safe Mode, these keys are ignored by default so entering this PC mode helps to prevent the automatic execution of ransomware payload and files associated with it. Some of the files that Hell Radiation ransomware creates are:
Remove Hell Radiation Ransomware and Restore Data
WARNING! Manual removal of Hell Radiation Ransomware requires being familiar with system files and registries. Removing important data accidentally can lead to permanent system damage. If you don’t feel comfortable with manual instructions, download a powerful anti-malware tool that will scan your system for malware and clean it safely for you.
SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter
Hell Radiation Ransomware Virus – Manual Removal Steps
Start the PC in Safe Mode with Network
This will isolate all files and objects created by the ransomware so they will be removed efficiently. The steps bellow are applicable to all Windows versions.
1. Hit the WIN Key + R
2. A Run window will appear. In it, write msconfig and then press Enter
3. A Configuration box shall appear. In it Choose the tab named Boot
4. Mark Safe Boot option and then go to Network under it to tick it too
5. Apply -> OK
Show Hidden Files
Some ransomware threats are designed to hide their malicious files in the Windows so all files stored on the system should be visible.
1. Open My Computer/This PC
2. Windows 7
-
– Click on Organize button
– Select Folder and search options
– Select the View tab
– Go under Hidden files and folders and mark Show hidden files and folders option
3. Windows 8/ 10
-
– Open View tab
– Mark Hidden items option
4. Click Apply and then OK button
Enter Windows Task Manager and Stop Malicious Processes
1. Hit the following key combination: CTRL+SHIFT+ESC
2. Get over to Processes
3. When you find suspicious process right click on it and select Open File Location
4. Go back to Task Manager and end the malicious process. Right click on it again and choose End Process
5. Next, you should go folder where the malicious file is located and delete it
Repair Windows Registry
1. Again type simultaneously the WIN Key + R key combination
2. In the box, write regedit and hit Enter
3. Type the CTRL+ F and then write the malicious name in the search type field to locate the malicious executable
4. In case you have discovered registry keys and values related to the name, you should delete them, but be careful not to delete legitimate keys
Click for more information about Windows Registry and further repair help
Recover Hell Radiation Encrypted Files
WARNING! All files and objects associated with Hell Radiation Ransomware should be removed from the infected PC before any data recovery attempts. Otherwise the virus may encrypt restored files. Furthermore, a backup of all encrypted files stored on external media is highly recommendable.
DOWNLOAD Hell Radiation Ransomware Removal ToolSpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter
1. Use present backups
2. Use professional data recovery software
Stellar Phoenix Data Recovery – a specialist tool that can restore partitions, data, documents, photos, and 300 more file types lost during various types of incidents and corruption.
3. Using System Restore Point
-
– Hit WIN Key
– Select “Open System Restore” and follow the steps
4. Restore your personal files using File History
-
– Hit WIN Key
– Type restore your files in the search box
– Select Restore your files with File History
– Choose a folder or type the name of the file in the search bar
– Hit the “Restore” button