Radamant Ransomware

Posted: December 21, 2015
Threat Metric
Threat Level: 10/10
Infected PCs: 67

Radamant Ransomware Description

The Radamant Ransomware is a file-encrypting Trojan that makes your files unreadable and then demands money for their safe return. While such attacks are hardly unique, malware experts have verified that the Radamant Ransomware genuinely encrypts files, rather than faking the appearance of such attacks, and may also take further steps, such as deleting any local backup data. Recovering data lost to these infections currently relies heavily on remote backup strategies; meanwhile, removing the Radamant Ransomware is recommended only with help from your onboard anti-malware products.

The Latest Face of Threats on Facebook

Because appearances carry so much weight in a ransomware attack, not all types of ransomware follow through on their supposed encryption of your files. Unfortunately, even simple forms of encryption may be relatively difficult to crack, and many threat authors put in the effort for the sake of increased profitability. The Radamant Ransomware is a new case of a file-encrypting Trojan that follows through on its attacks with genuine AES-256 encryption. As a result, all files targeted and modified by the Radamant Ransomware are no longer readable.

While the Radamant Ransomware is new, malware researchers have seen early evidence of the Radamant Ransomware's admin using social networking tactics to install this threat. Platforms like Facebook and Twitter may host obfuscated Web links including redirects to the Radamant Ransomware installers, which are likely to disguise themselves as another kind of content, such as a Windows update. Some personal Web domains also have been linked to the Radamant Ransomware: crazytrevor.in and crazytrevor.com, although both of these sites are serving as Command & Control administrative servers, rather than distribution hotspots.

After attacking your files, the Radamant Ransomware places an HTML file containing its ransom instructions on your desktop. As usual, the Radamant Ransomware prefers Bitcoin payments, with the current ransom demands staying slightly over 200 USD.

Dimming the Lights on a Not-So-Radiant Ransomware Campaign

The Radamant Ransomware scans for an extremely wide range of file formats, from image files to text documents to spreadsheets, along with other file types too numerous to list in full here. Files encrypted by the Radamant Ransomware may be identified by their changed extension, which has '.RDM' appended. Note that some gaming applications (primarily Ragdoll Soft products) use the RDM file type by default and are unrelated to the Radamant Ransomware attacks.

The Radamant Ransomware also deletes your local Shadow Volume Copies data, which its victims could have used to restore their files. Instead of depending on local backups or paying the Radamant Ransomware's ransom, malware experts recommend keeping multiple backups in safe locations, such as in a cloud server or a removable hard drive. Other PC security entities also have made positive statements on the potential development of decryption utilities for the Radamant Ransomware, which will be made public for free.

Guarding your computer against threat intrusions by watching which links you click is much simpler than dealing with the aftereffects of any file encryptor. For PC users for whom it is already too late to protect their data, the Radamant Ransomware should always be deleted with anti-malware programs able to detect all other threats and system changes that could be associated with this threat.


Technical Details

File System Modifications


The following files were created in the system:



%APPDATA%\26e8403a.exe
File name: 26e8403a.exe
Size: 110.4 KB (110407 bytes)
MD5: 9c8fdcf946812b81c9fda6750c7ad917
Detection count: 20
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: March 4, 2016
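
A triage sweep built from the indicators on this page (the appended '.RDM' extension and the MD5 of the file created in %APPDATA%), added here as an example and not taken from the original write-up. Treating a name that keeps an inner extension (budget.xlsx.RDM) as encrypted and a bare name (level1.rdm) as a native game file is an assumed heuristic, and the sample file names are constructed.

```python
import hashlib
import os
import tempfile

# Indicators taken from this page.
RADAMANT_MD5 = "9c8fdcf946812b81c9fda6750c7ad917"
ENCRYPTED_SUFFIX = ".rdm"

def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not exhaust memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def classify_rdm(name):
    """'appended' for report.docx.RDM, 'native' for level1.rdm, else None."""
    stem, ext = os.path.splitext(name)
    if ext.lower() != ENCRYPTED_SUFFIX:
        return None
    # Assumed heuristic: an inner extension means '.RDM' was appended.
    return "appended" if os.path.splitext(stem)[1] else "native"

def sweep(root):
    """Walk root and group paths by indicator type."""
    findings = {"dropper": [], "appended": [], "native": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            kind = classify_rdm(name)
            if kind:
                findings[kind].append(path)
            elif name.lower().endswith(".exe"):
                try:
                    if md5_of(path) == RADAMANT_MD5:
                        findings["dropper"].append(path)
                except OSError:
                    pass  # locked or unreadable file; skip it
    return findings

def demo():
    """Run the sweep over constructed sample files in a temp directory."""
    names = ("budget.xlsx.RDM", "photo.jpg.rdm", "level1.rdm", "notes.txt", "tool.exe")
    with tempfile.TemporaryDirectory() as root:
        for name in names:
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"constructed sample data")
        found = sweep(root)
        return {k: sorted(os.path.basename(p) for p in v) for k, v in found.items()}
```

On a suspect Windows host, `sweep(os.environ["APPDATA"])` checks the drop location named above, and `sweep` over a user profile lists the affected documents for restore planning.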