Strong indications that ransomware devs don’t like Emsisoft


As reported by our friends at Bleepingcomputer, the developers of the Radamant Ransomware Kit have now released a new, third version of their ransomware. This comes after the Emsisoft lab, led by our CTO Fabian Wosar, successfully developed a decryptor for the previous two versions. The first version of Radamant encrypts data files with an RDM extension, while the second version uses an RRK extension. There are now rumors of a third version that we have not seen yet. For the first two versions, our decryptor can recover a victim’s files, for free. It comes as no surprise, though, that the developer of the Radamant ransomware wasn’t very happy with Fabian and Emsisoft for interfering with his business.

Take a look at the strings embedded in the ransomware executables and at the domain names of their Command and Control servers. For example, the latest version of the malware executable contains strings such as emisoft f**kedbastardsihateyou, which closely resemble “Emsisoft” and show the developer’s displeasure. But see for yourself:

 

The Radamant developer also included Emsisoft in the domain name of one of his Command & Control servers: emisoftsucked.top (typo included).

As stated in this post, Fabian does not appear to be insulted, but rather quite the opposite:

“I am not really sure how things work in your circles, but in my circles getting insulted by malware authors is considered the highest kind of accolade someone can get, so thank you very much for that. Just next time, please try to get the company name right. But it’s a common mistake, so I let that one slide.” - Fabian Wosar

If you’re a victim of the Radamant ransomware and would like to download our decrypter and recover your files, please visit the forum thread at Bleepingcomputer, where you can find the most recent information and instructions.

Please note that Emsisoft Anti-Malware running on the server won’t stop any infected clients from encrypting files on the shares. As of now, all variants can be successfully decrypted. We’ll keep you posted!

  • rodrigo vera

    Hello, I think I have this Radamant ransom virus. I’m trying to install Emsisoft Emergency Kit, and just when it finishes extracting the files it pops up a window saying the “start” file is not correct and it shuts down the installation. I’ll try the text version but I know little about how to use it. Any recommendations or suggestions on how to rid myself of this nightmare are highly welcome. Thanks.

    • Fabian Wosar

      Hello Rodrigo,

      You can start EEK using the “Start Emsisoft Emergency Kit” shortcut on your Desktop. That should allow you to perform a scan just fine.

      May I ask why you think you were targeted by Radamant? Are your files inaccessible and renamed using the RDM or RRK extensions?

      • rodrigo vera

        Hello Fabian, thanks for your quick reply. The problem is that the virus doesn’t let me install EEK anywhere on the computer. I was able to do it on another computer and installed it on a USB flash drive. Now I’m going to run the scan from there. I tried everything: Kaspersky Rescue Disk 10, HitmanPro, Malwarebytes. The file extension is VVV.

        • Fabian Wosar

          Hello Rodrigo,

          Would you mind shooting me an email about this to fw@emsisoft.com? I don’t feel the comments are a good medium to discuss your case and it makes it a lot easier for me if we moved this discussion to email.

          Thanks :)

  • rodrigo vera

    Same problem trying to install it on a USB flash drive.

  • rodrigo vera

    Fabian,
    I was able to run the full scan but EEK wasn’t able to find the virus. The problem persists. Any suggestion?

    • Neven Raj

      Hi Rodrigo, did you try Avira? :)

  • TheSeeker11

    Classic!

  • I think this is a pretty good sign you’re getting under their skin.
    :^]

  • Matt Godwin

    When will the public get help against the REAL beast Cerber Ransomware?!