Remove Radamant Ransomware and Decrypt .RDM Files

This page is here to help users to remove nasty Radamant virus. Follow the guide below to restore .RDM files with ease.

This is a recently distributed trojan-ransomware virus that infects a computer by exploiting a security weakness or user inattention and goes about encrypting many different types of files. Then it demands a ransom be paid for decryption (0.5 Bitcoin – about $230 U.S) – though the encryption has been cracked by Emsisoft researchers (see below). Despite the fact it’s now possible to get the key for free to recover any encrypted data, it is important to uninstall Radamant as soon as possible to avoid secondary attacks from another virus using this infection as a path, and for data privacy concerns. The infection can control your browser and put roots into the system to allow third party access to any details stored or logged on the system. The virus first creates a link to a command & control server, so any information thought valuable to the hackers can be transmitted this way. Like all ransomware, it has certain capabilities to evade and even disable security software and may not be discovered before finishing encryption if it proves stronger than your routine anti-virus tools. If you notice the following symptoms, you may have it: slowed/disrupted browsing; slowing in program processes; freezing of the system for a second or two (and the screen); connections made to the ‘net without command; increase in pop-ups. If your system starts to behave oddly, then you could have a trojan – to find if it is Radamant, search for files with the changed extension .RDM. If you find any, then you’re infected and must get rid of Radamant.

How Radamant can enter a system

There are several ways that infection from ransomware similar to this bug can occur, though what is important to remember: they are all preventable. Either the virus is disguised as an attachment to an e-mail that the user is convinced to open for some benefit (financial, usually), this is called ‘phising’; it’s discreetly bundled with free-ware that’s downloaded and installed without scrutiny, or with a torrent download; a trojan is dropped via a user’s out-of-date browser during a visit to a dubious or compromised ‘site using exploitation kits by the hacker; it’s delivered via a fake pop-up for a freeware update, or lastly – by the manual hacking of an insecure network connection. In the case of Radamant the most reported method of delivery has been the first mentioned, in this case disguised as a .PDF attachment.

remove radamant

How to Decrypt .RDM Files

If you spot signs of infection, then disconnect in all ways from the ‘net and any networking connections to prevent any communication with the command server. Then back-up any files that are not affected – those without .RDM extensions. Manually removing Radamant is possible in Safe Mode with Networking (see below). After removal, check browser settings – return to default and remove any plug-ins that you don’t recognize. Run Microsoft Malicious Software Removal tool to search for any virus roots left (this tool is available from their website if you do not have it in your service pack). Or for automatic removal, run a strong anti-malware program that recognizes this specific ransomware. After deleting Radamant completely, download the DecryptRadamant tool here: http://emsi.at/DecryptRadamant and follow the instructions.

Preventing Radamant

  • It’s important to have advanced anti-virus/anti-malware protection with the most regular updates;
  • Practice safe browsing – adjust browser security settings to the highest levels that should warn about harmful ‘site content; tighten settings controlling plug-ins;
  • Always use Advance/Custom download and instal options and where possible go to official company ‘sites for freeware;
  • Avoid opening suspicious files/e-mails/pop-ups;
  • Secure or disable RDP;
  • Secure networks for access only to Authenticated Users;
  • Look into Window’s Software Restriction Policies that block executable files from running when they are located in specific paths – check the Microsoft website for details.

Forewarned is forearmed, as the saying goes. Guard against such threats by adding additional layers of security to your system, and by using good operating methods. AND always back-up files and folders either in the cloud or to an external drive, on a regular basis.

Be adamant about security and then you can forget about irritations like eradicating Radamant.

Leave a Comment

Your email address will not be published.

Time limit is exhausted. Please reload CAPTCHA.