
Radamant Ransomware

Posted: December 21, 2015

Threat Metric

Threat Level: 10/10
Infected PCs: 67
First Seen: December 21, 2015
OS(es) Affected: Windows

The Radamant Ransomware is a file-encrypting Trojan that makes your files unreadable and then demands money for their safe return. While such attacks are hardly unique, malware experts have verified that the Radamant Ransomware performs real encryption rather than merely faking the appearance of an attack, and it may take further steps, such as deleting any local backup data. Recovering data lost to these infections currently depends heavily on remote backup strategies; meanwhile, removing the Radamant Ransomware is recommended only with the help of your installed anti-malware products.

The Latest Face of Threats on Facebook

Because the appearance of a threat matters as much as its substance in an attack, not all types of ransomware follow through on the encryption they claim to perform. Unfortunately, even simple forms of encryption can be relatively difficult to crack, and many threat authors put in the effort for the sake of increased profitability. The Radamant Ransomware is a new case of a file-encrypting Trojan that follows up its attack with genuine AES-256 encryption. The aftermath of such an attack is that all files targeted and modified by the Radamant Ransomware are no longer readable.

While the Radamant Ransomware is new, malware researchers have already seen early evidence of its administrators using social networking tactics to install this threat. Platforms like Facebook and Twitter may host obfuscated Web links that redirect to the Radamant Ransomware installers, which are likely to disguise themselves as another kind of content, such as a Windows update. Two personal Web domains also have been linked to the Radamant Ransomware, crazytrevor.in and crazytrevor.com, although both of these sites serve as Command & Control administrative servers rather than as distribution hotspots.

After attacking your files, the Radamant Ransomware places an HTML file on your desktop containing its ransom instructions. As usual, the Radamant Ransomware prefers Bitcoin payments, with the current ransom demand standing at slightly over 200 USD.

Dimming the Lights on a Not-So-Radiant Ransomware Campaign

The Radamant Ransomware's scans cover an extremely wide range of formats, from image files to text documents to spreadsheets, and other file types too numerous to list in full here. Files encrypted by the Radamant Ransomware can be identified by their changed extension, which has '.RDM' appended to the original name. Note that some gaming applications (primarily Ragdoll Soft products) use the RDM file type by default and are unrelated to the Radamant Ransomware attacks.

The Radamant Ransomware also deletes your local Shadow Volume Copies, which its victims could otherwise have used to restore their files. Instead of depending on local backups or paying the Radamant Ransomware's ransom, malware experts recommend keeping multiple backups in safe locations, such as a cloud server or a removable hard drive. Other PC security entities also have made positive statements about the potential development of decryption utilities for the Radamant Ransomware, which would be made public for free.

Guarding your computer against intrusions by paying attention to which links you click is much simpler than cleaning up the aftereffects of any file encryptor. For PC users for whom it is already too late to protect their data, deleting the Radamant Ransomware should always be done with anti-malware programs able to detect all other threats and system changes that may be associated with it.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

%APPDATA%\26e8403a.exe
File name: 26e8403a.exe
Size: 110.4 KB (110407 bytes)
MD5: 9c8fdcf946812b81c9fda6750c7ad917
Detection count: 20
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: March 4, 2016
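The two indicators this page gives a defender, the appended '.RDM' extension described above and the dropped file in the File System Modifications table, are easy to turn into a quick triage scan. The following Python script is an added example, not code from the page or from any vendor tool: it walks a directory tree, flags files whose name ends in '.RDM' appended to another extension (so a bare game data file such as a Ragdoll Soft '.RDM' is not counted), and checks executables against the file name and MD5 listed in the table. The sample directory tree it builds is constructed for the demonstration and contains no real malware; the byte contents are placeholders, so only the name check fires.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Indicators taken from this page's File System Modifications table.
KNOWN_BAD_MD5 = "9c8fdcf946812b81c9fda6750c7ad917"
KNOWN_BAD_NAME = "26e8403a.exe"
RANSOM_EXT = ".rdm"


def md5_of_file(path):
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def looks_encrypted(path):
    """True when '.RDM' is appended to an existing extension, e.g.
    'budget.xlsx.RDM'. A bare 'level1.RDM' (the shape a game data file
    takes) has only one suffix and is not counted, which keeps the
    Ragdoll Soft false positive mentioned on the page out of the results."""
    suffixes = [s.lower() for s in Path(path).suffixes]
    return len(suffixes) >= 2 and suffixes[-1] == RANSOM_EXT


def scan(root):
    """Return encrypted-looking files and any copy of the known dropper.

    Executables are matched on file name first and on MD5 second, so a
    renamed copy of the same binary is still caught.
    """
    findings = {"encrypted": [], "dropper": []}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if looks_encrypted(full):
                findings["encrypted"].append(full)
            if name.lower().endswith(".exe"):
                if name.lower() == KNOWN_BAD_NAME or md5_of_file(full) == KNOWN_BAD_MD5:
                    findings["dropper"].append(full)
    return findings


def build_sample_tree():
    """Constructed sample tree (hypothetical layout, placeholder bytes):
    two encrypted documents, one benign game file, one file bearing the
    dropper's name. Nothing here is real malware."""
    root = Path(tempfile.mkdtemp(prefix="rdm_demo_"))
    (root / "Documents").mkdir()
    (root / "Documents" / "budget.xlsx.RDM").write_bytes(b"placeholder ciphertext")
    (root / "Documents" / "notes.txt.RDM").write_bytes(b"placeholder ciphertext")
    (root / "Games").mkdir()
    (root / "Games" / "level1.RDM").write_bytes(b"placeholder game data")
    (root / "AppData").mkdir()
    (root / "AppData" / "26e8403a.exe").write_bytes(b"MZ placeholder, not the sample")
    return str(root)


if __name__ == "__main__":
    results = scan(build_sample_tree())
    for kind, paths in results.items():
        print(kind, len(paths))
        for p in paths:
            print("  ", p)
```

On a real host the scan would be pointed at the user profile (the table gives %APPDATA% as the drop location) rather than at the constructed tree, and a hit on the dropper name or hash is the cue to isolate the machine and restore from the off-host backups the article recommends, since the local Shadow Volume Copies will already be gone.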