I just published the new version 126.96.36.199
of the Radamant decrypter. New in that version is support for Radamant v2. A few things to note:
Clearly the author of the malware is reading here and they don't appear to be very pleased with what I am doing, as is evident by just looking at the malware:
.rdata:0040C030 00000021 C ThxForHlpFabianWosarANDbleepYOU!!
.rdata:0040C088 0000001F C emisoft bleepedbastardsihateyou
.rdata:0040C506 0000001A C radamantv2_emisoft_bleeped
I am not really sure how things work in your circles, but in my circles getting insulted by malware authors is considered the highest kind of accolade someone can get, so thank you very much for that. Just next time, please try to get the company name right. But it's a common mistake, so I let that one slide.
The RRK version of Radamant is actually more reliable to decrypt than the RDM version. The only downside is, that the process is also a bit slower. It is not uncommon for the decrypter to work on a file for a couple of minutes until it figured out how to decrypt it properly, but it will work for all file formats. I didn't add multi-threading yet, but you can in theory speed up the decryption process by running multiple instances of the tool, each decrypting different directories. I may add proper multi-threading later, but I decided not to delay the release of the tool further just to add such a feature, especially since parallel decryption is a viable option.
Oh, and unlike the malware itself, which will happily mess up your files even if you paid the ransom, because due to several severe bugs in the malware, it is very well possible for the malware to just botch up the encryption and decryption, this tool will handle both messed up and properly encrypted files perfectly fine:
You can download the new version of the decrypter here:http://emsi.at/DecryptRadamant
If for some reason you get a version that is older than 188.8.131.52, please empty your browser cache and re-download.
Edited by Fabian Wosar, 28 December 2015 - 09:31 AM.