A new version of Radamant Ransomware Kit has been released after Fabian Wosar of Emsisoft released a decryptor for the previous two versions. The first version of Radamant encrypted data files with a RDM extension , the second version used a RRK extension, and rumors of a third version that we have not seen yet. For the first two releases, Fabian was able to create a decryptor that could recover a victim's files for free.  Due to this, it appears that the developer of the Radamant ransomware is not too happy with Fabian and Emsisoft for interfering with their business.

This displeasure is being shown in embedded strings in the ransomware malware executables and the domain names for their Command and Control Servers. For example, in the latest version of the malware executable there are strings such as emsisoft f**kedbastardsihateyou that shows the developers displeasure.  This string and more are shown in the image below.

Strong indications the malware dev doesn't like Emsisoft

The Radamant developer didn't stop there, though, and decided to also include his displeasure with Emsisoft in the domain name of one of his Command & Control servers. The latest variant that we have seen of this ransomware now uses the domain name emisoftsucked.top as shown below.

As stated in this post, Fabian does not appear to be insulted, but rather quite the opposite.

I am not really sure how things work in your circles, but in my circles getting insulted by malware authors is considered the highest kind of accolade someone can get, so thank you very much for that. Just next time, please try to get the company name right. But it's a common mistake, so I let that one slide.
- Fabian Wosar

Hopefully, Fabian will be able to continue to release decryptors for new versions of the Radamant Ransomware Kit as they are released.  

Related Articles:

Company Pretends to Decrypt Ransomware But Just Pays Ransom

The Week in Ransomware - December 7th 2018 - WeChat Ransomware, Scammers, & More

Ransomware Infects 100K PCs in China, Demands WeChat Payment

Chinese Police Arrest Dev Behind UNNAMED1989 WeChat Ransomware

Moscow's New Cable Car System Infected with Ransomware the Day After it Opens