Radamant Ransomware
Posted: December 21, 2015
Threat Metric
The fields shown on the Threat Meter, each of which carries a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criterion for the Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 67 |
| First Seen: | December 21, 2015 |
| OS(es) Affected: | Windows |
The Radamant Ransomware is a file encrypting Trojan that makes your files unreadable as part of a tactic to ransom their safe return in exchange for money. While such attacks are hardly unique, malware experts have since verified that the Radamant Ransomware makes legitimate encryption attacks, rather than faking the appearance of such attacks, and also may take further steps, such as deleting any local backup data. Recovering data lost from these infections is currently heavily reliant on remote backup strategies; meanwhile, removing the Radamant Ransomware is recommended only with help from your onboard anti-malware products.
The Latest Face of Threats on Facebook
Because the appearance of a threat is a large part of its attack, not all types of ransomware follow through on their supposed encryption of your files. Unfortunately, even simple forms of encryption may be relatively difficult to crack, and many threat authors put in the effort for the sake of increased profitability. The Radamant Ransomware is a new case of a file encrypting Trojan that follows up on its attacks with genuine AES-256 encryption. The aftermath of such an attack is that all files targeted and modified by the Radamant Ransomware are no longer readable.
While the Radamant Ransomware is new, malware researchers have seen early evidence of the Radamant Ransomware's admin using social networking tactics to install this threat. Platforms like Facebook and Twitter may host obfuscated Web links including redirects to the Radamant Ransomware installers, which are likely to disguise themselves as another kind of content, such as a Windows update. Some personal Web domains also have been linked to the Radamant Ransomware: crazytrevor.in and crazytrevor.com, although both of these sites are serving as Command & Control administrative servers, rather than distribution hotspots.
After attacking your files, the Radamant Ransomware places an HTML instructional file on your desktop that includes its ransom instructions. As usual, the Radamant Ransomware prefers Bitcoin payments, with the current ransom demands staying slightly over 200 USD.
Dimming the Lights on a Not-So-Radiant Ransomware Campaign
The Radamant Ransomware's scans cover an extremely wide range of formats, from image files to text documents, to spreadsheets, and other file types too numerous to list in full here. Files affected by the Radamant Ransomware encryption may be identified by their extension change, which includes an appended '.RDM' type. Note that there are some gaming applications (primarily Ragdoll Soft products) that use the RDM file type by default, and are unrelated to the Radamant Ransomware attacks.
The Radamant Ransomware also deletes your local Shadow Volume Copies data, which its victims could have used to restore their files. Instead of depending on local backups or paying the Radamant Ransomware's ransom, malware experts recommend keeping multiple backups in safe locations, such as in a cloud server or a removable hard drive. Other PC security entities also have made positive statements on the potential development of decryption utilities for the Radamant Ransomware, which will be made public for free.
Guarding your computer against threat intrusions by observing which links you click is much simpler than removing the aftereffects of any file encryptor. For PC users for whom protecting their data is already too late, deleting the Radamant Ransomware should always rely on anti-malware programs able to detect all other threats and system changes that could have associations with this threat.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:
%APPDATA%\26e8403a.exe
File name: 26e8403a.exe
Size: 110.4 KB (110407 bytes)
MD5: 9c8fdcf946812b81c9fda6750c7ad917
Detection count: 20
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: March 4, 2016
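The two artifacts this page gives a responder to work with are the appended '.RDM' extension (with the caveat that Ragdoll Soft game files use the same extension legitimately) and the dropper's MD5 from the Technical Details above. The following triage script is an added example written for this page; it is not code from the page's author or from SpyHunter. It walks a directory, separates '.RDM' files that look like AES-256 output (near-maximal byte entropy) from low-entropy game data, and flags any file whose MD5 matches the listed dropper hash. The 7.5 bits-per-byte entropy threshold, the sample files it builds in a temporary directory, and the `triage` function name are all assumptions of this example, not facts from the page.

```python
"""Triage helper for a suspected Radamant infection (added example, not
the page's or the vendor's code). It walks a directory tree and reports:
  * '.RDM' files whose contents look encrypted (near-maximal byte entropy),
    which separates Radamant output from legitimate low-entropy '.RDM'
    game data such as Ragdoll Soft files;
  * files whose MD5 matches the dropper hash listed on this page.
Sample files are constructed in a temporary directory so it runs offline."""
import hashlib
import math
import os
import tempfile
from collections import Counter

# Indicator taken from the page's Technical Details (%APPDATA%\26e8403a.exe).
RADAMANT_DROPPER_MD5 = {"9c8fdcf946812b81c9fda6750c7ad917"}
# Extension the Radamant Ransomware appends to encrypted files.
RANSOM_EXT = ".rdm"
# AES-256 ciphertext bytes are close to uniformly distributed, so their
# Shannon entropy approaches 8 bits/byte. 7.5 is an assumed cut-off.
ENTROPY_THRESHOLD = 7.5


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    counts = Counter(data)
    total = len(data)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def md5_of_file(path: str) -> str:
    """Hex MD5 of a file, read in chunks so large files are not loaded whole."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def triage(root: str) -> dict:
    """Classify every file under root into the three finding buckets."""
    findings = {"encrypted_rdm": [], "benign_rdm": [], "dropper_hits": []}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if md5_of_file(path) in RADAMANT_DROPPER_MD5:
                findings["dropper_hits"].append(path)
            if name.lower().endswith(RANSOM_EXT):
                with open(path, "rb") as f:
                    sample = f.read(1 << 20)  # first 1 MiB is enough to judge
                if shannon_entropy(sample) >= ENTROPY_THRESHOLD:
                    findings["encrypted_rdm"].append(path)
                else:
                    findings["benign_rdm"].append(path)
    return findings


def build_sample_tree() -> str:
    """Constructed test data: one high-entropy '.RDM' file standing in for an
    encrypted document, one low-entropy '.RDM' file standing in for a game
    asset, and one unrelated plain-text file."""
    root = tempfile.mkdtemp(prefix="radamant_triage_")
    with open(os.path.join(root, "report.docx.RDM"), "wb") as f:
        f.write(os.urandom(64 * 1024))          # random bytes mimic ciphertext
    with open(os.path.join(root, "level1.rdm"), "wb") as f:
        f.write(b"RAGDOLL LEVEL DATA\n" * 2000)  # repetitive, low entropy
    with open(os.path.join(root, "notes.txt"), "wb") as f:
        f.write(b"plain text, untouched\n")
    return root


if __name__ == "__main__":
    for category, paths in triage(build_sample_tree()).items():
        print(category, paths)
```

The entropy check matters because an extension match alone would send a responder chasing legitimate game files; ciphertext is distinguishable from structured data by its byte distribution regardless of the file's name. Point `triage()` at a user profile to get a first inventory of which documents were hit before deciding between remote backups and the free decryption utilities the page mentions.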