Radamant ransomware v1 and v2 are now decryptable. Fabian Wosar, security researcher at Emsisoft, has managed to crack the encryption algorithm for the first two versions of the Radamant Ransomware Kit, and its creator was not happy at all with his actions.
The first version of the ransomware, which encrypted files with the .RDM extension, was cracked and an official decryptor was released just before Christmas. It is available for free and allows anyone to decrypt files locked with Radamant without paying the ransom.
Forced by Mr. Wosar’s ransomware-decrypting abilities, Radamant’s author went to work on a newer version, and to show his displeasure towards Fabian’s work, he left some “nice words” behind in his code for both Fabian and his company, Emsisoft.
You know you’re a professional infosec researcher when malware authors insult you via domain names
The ransomware’s author was so mad at the researcher that the URL where victims of Radamant v2 need to go contains an incomplete slur directed at Emsisoft (emisoftsucked.top). This is probably because he can’t do anything right, and both the first and the second versions of the ransomware were quite easy for Mr. Wosar to crack. He released a second version of his decryption tool just two days after Radamant v2 victims started complaining online (files encrypted with the .RRK file extension).
According to Mr. Wosar, both versions of the ransomware are of quite low quality, and often both the encryption and decryption processes corrupt files. Fortunately, his DecryptRadamant tool accounts for all the ransomware’s bad coding, and the tool can recover damaged files.
As for the insults, Mr. Wosar was quite happy about them: “I am not really sure how things work in your circles, but in my circles getting insulted by malware authors is considered the highest kind of accolade someone can get, so thank you very much for that.”
Radamant offered in a Ransomware-as-a-Service platform
Even worse, the ransomware author is not aware of how dodgy his product is, and according to Bleeping Computer, he’s now offering Radamant as a Ransomware-as-a-Service on the underground market.
His ransomware delivery platform can be rented for $1,000 per month, and tested for $100 for no longer than two days.
An admin panel is provided for less technical users, and a third version is also rumored to be in the works, one that accounts for Mr. Wosar decrypting Radamant v2 so quickly. We only wonder what messages Radamant’s creator will leave behind this time.
Radamant decryption domain hints at insult towards Emsisoft