A new version of the Radamant Ransomware Kit has been released after Fabian Wosar of Emsisoft released a decryptor for the previous two versions. The first version of Radamant encrypted data files with an RDM extension, the second version used an RRK extension, and there are rumors of a third version that we have not seen yet. For the first two releases, Fabian was able to create a decryptor that could recover a victim's files for free. Due to this, it appears that the developer of the Radamant ransomware is not too happy with Fabian and Emsisoft for interfering with their business.
This displeasure is being shown in strings embedded in the ransomware executables and in the domain names of their Command and Control servers. For example, the latest version of the malware executable contains strings such as emsisoft f**kedbastardsihateyou that show the developer's displeasure. This string and more are shown in the image below.
The Radamant developer didn't stop there, though, and decided to also include his displeasure with Emsisoft in the domain name of one of his Command & Control servers. The latest variant that we have seen of this ransomware now uses the domain name emisoftsucked.top as shown below.
As stated in this post, Fabian does not appear to be insulted, but rather quite the opposite.
I am not really sure how things work in your circles, but in my circles getting insulted by malware authors is considered the highest kind of accolade someone can get, so thank you very much for that. Just next time, please try to get the company name right. But it's a common mistake, so I let that one slide.
- Fabian Wosar
Hopefully, Fabian will be able to continue to release decryptors for new versions of the Radamant Ransomware Kit as they are released.