Last week we wrote about a new ransomware called the Ramadant Ransomware Kit that was encrypting files and adding the .RDM extension. Fabian Wosar, of Emsisoft, further analyzed the infection and was able to find a weakness in the encryption algorithm so that victim's can recover their files for free.  This decrypter will only work on files encrypted with the current version of Radamant that have the extension of .RDM. Though this decrypter will work for most files, certain file types such as .TXT files will not be able to be decrypted.

If you are infected with this malware, simply download decrypt_radamant.exe from the following link and save it on your desktop:

Decrypt Radamant Icon
DecryptRadamant Download

Once you have downloaded the executable, double-click on it to launch the program. When the program starts, you will be presented with a UAC prompt as shown below. Please click on Yes button to proceed. 

UAC Prompt
UAC Prompt

You will then be presented with a license agreement that you must click on Yes to continue. You will now see the main Radamant Decrypter screen.

Radamant Decrypter Screen 
Radamant Decrypter Screen 

To decrypt the C:\ drive click on the Decrypt button. If there are other drives or folder you wish to decrypt that are not listed, you can click on the Add Folder button to add other folders that contain encrypted files.  Once you have added all the folders you wish to decrypt, click on the Decrypt button to begin the decryption process.  Once you click Decrypt, DecryptRadamant will decrypt all the encrypted files and display the decryption status in a results screen like the one below.

Decryption Results
Decryption Results

Most of your files should now be decrypted. If you need any help using this tool, you can ask in the Radamant Ransomware Kit Support Topic.

Related Articles:

The Week in Ransomware - October 26th 2018 - Decryptors, RaaS, and More

The Week in Ransomware - November 9th 2018 - Mostly Dharma Variants

SEO Poisoning Campaign Targeting U.S. Midterm Election Keywords

The Week in Ransomware - November 2nd 2018 - RaaS, DiskCryptor, & More

New Ransomware using DiskCryptor With Custom Ransom Message