Emsisoft researcher creates decryption tool

Dec 24, 2015 10:11 GMT

Emsisoft is spoiling ransomware victims this Christmas, as their researcher, Fabian Wosar, has released yet another tool capable of decrypting files locked by ransomware, this time by the Radamant Ransomware Kit (Radamant, in some cases referred to as Ramadant due to incorrect spelling).

The tool, called DecryptRadamant, is available via Emsisoft's website and works exactly like the tools Mr. Wosar released for victims whose files were encrypted by the DecryptorMax and Gomasom ransomware families.

Unlike previous decryption tools, the one for Radamant does not need to analyze and compare an encrypted file with an unencrypted version to extract the decryption key.

Mr. Wosar found a weakness in the Radamant ransomware's encryption algorithm and leveraged it to create the DecryptRadamant tool, which automates the decryption process.

Users have to download the tool, run it, go through the license agreement, choose the folders where the ransomware encrypted files, click "Decrypt," and wait. Depending on how many files the ransomware encrypted, this can take from minutes to more than a day.

If you're a ransomware victim but can't tell what ransomware family infected your PC, the clues are generally left in the encrypted file names. Radamant adds the .RDM file extension to each file it encrypts.

If you encounter any problems, there's a support topic on the Bleeping Computer forums, a place where Mr. Wosar often roams and helps ransomware victims.

DecryptRadamant tool from Emsisoft