Last week we wrote about a new ransomware called the Ramadant Ransomware Kit that was encrypting files and adding the .RDM extension. Fabian Wosar, of Emsisoft, further analyzed the infection and was able to find a weakness in the encryption algorithm so that victim's can recover their files for free. This decrypter will only work on files encrypted with the current version of Radamant that have the extension of .RDM. Though this decrypter will work for most files, certain file types such as .TXT files will not be able to be decrypted.
If you are infected with this malware, simply download decrypt_radamant.exe from the following link and save it on your desktop:
DecryptRadamant Download
Once you have downloaded the executable, double-click on it to launch the program. When the program starts, you will be presented with a UAC prompt as shown below. Please click on Yes button to proceed.
You will then be presented with a license agreement that you must click on Yes to continue. You will now see the main Radamant Decrypter screen.
To decrypt the C:\ drive click on the Decrypt button. If there are other drives or folder you wish to decrypt that are not listed, you can click on the Add Folder button to add other folders that contain encrypted files. Once you have added all the folders you wish to decrypt, click on the Decrypt button to begin the decryption process. Once you click Decrypt, DecryptRadamant will decrypt all the encrypted files and display the decryption status in a results screen like the one below.
Most of your files should now be decrypted. If you need any help using this tool, you can ask in the Radamant Ransomware Kit Support Topic.
Comments
RickCP - 8 years ago
Hi Grinler:
Just to thank you for the official announcement and to note a small typo in the articles subject line (should be Ramadant and not Randamant).
Thanks again (and to Fabian) for a great job.
RickCP - 8 years ago
(should be Ramadant and not Randamant)
Or should I have said... Radamant?
Sorry, couldnt edit/correct it in my first comment above :)
lovehacker10 - 8 years ago
Hi!, I also have the same issue. Additionally, I downloaded the decryptor software and tried to use it but Im getting errors. It says...
Could not guess key. Most likely the original file format is not supported
I know that .txt format file is not supported now but it is not decrypting pdf, docx and xlsx as well
Allen - 8 years ago
Just curious, but any reason why it cant decrypt .txt files?
sumitdhiman - 8 years ago
Text files lack a distinctive marker at the beginning of the file. So decrypting text files and pure text based formats is not supported.
crisis2k - 8 years ago
Marvelous Work! grinler, Fabian.
I will test this and send report later.
lovehacker10 - 8 years ago
Well the updated version works like a charm. Big thanks to Fabian for his hard work.
Amigo-A - 8 years ago
Please tell me, the decryptor will to work with files, encrypted Radamant v2.1?
rengrish - 8 years ago
Hi, Thanks for the software. I tried to decrypt the JPEG files. It says .
Starting decryption ...
Finished!
I could not get the decrypted files. Kindly help me.
UnixBalsamo - 5 years ago
Hello.
I live in Brazil, I have a problem with my computer, all my files of various type extensions like .png, .docx, .jpeg, .pdf .gif and others, have been changed to docm and encrypted, help me.