Radamant Ransomware Removal Guide

Threat Level: 8/10
Category: Trojans

Radamant Ransomware is a dangerous Trojan infection that you will only notice when it is already too late. This Trojan can enter your operating system silently, i.e., without your knowledge, and encrypt your personal files. You will only learn of its presence when it reveals itself by displaying a ransom note on your screen, informing you about the encryption and demanding that you pay a certain amount of money to get your files decrypted. At that point even a professional antimalware program cannot help you, because such programs are not equipped with decryption tools. However, such a security tool could prevent this Trojan and other malware infections from entering your computer if it is running in the background. Even if it is too late for prevention, you will need a reliable malware remover in order to remove Radamant Ransomware. Although your files will remain inaccessible because of the encryption, at least you can eliminate this intrusive Trojan, which is a must if you plan to use your PC in the future. Please continue reading our article to understand more about this infection, how you can prevent it, and what you can do to decrypt your files.

To keep such a Trojan from entering your computer, you need to understand how it spreads over the net. We have found that this particular Trojan is mainly distributed in spam e-mails. You may think that your e-mail software or mail server filters out spam, but what if the spam e-mail has a legitimate-looking sender and content as well? Obviously, with spam filters getting more and more sophisticated, Trojans need even smarter methods to end up in the inboxes of unsuspecting users. Therefore, they may impersonate some well-known company, for example, an Internet provider, to make you believe that the e-mail is authentic.

Radamant Ransomware mostly drops its payload once you click on the attachment that you will find in the mail. It can be an image or video file, but sometimes Trojans use .pdf or .doc files as well. You need to be very careful with spam e-mails because there are also Trojans that activate the moment you open the e-mail itself. You do not even need to click on the attachment, and still you will be infected. Therefore, if you want to prevent this and similar Trojans from infiltrating your computer, you need to be extra careful when it comes to opening e-mails. You should only open mails that you actually expect to get, and open attachments only when you know the sender and you are expecting them. This way you can protect your computer from a great number of infections. However, this will never be as efficient as a professional security tool.

Once this Trojan sneaks onto your operating system and activates itself, it will encrypt documents, pictures, and some other file formats, including jpeg, djvu, pdf, ddoc, css, pptm, raw, cpt, gif, jpg, jpe, jp2, pcx, pdn, png, psd, tga, tiff, tif, hdp, xpm, ai, cdr, and a lot more. Which files this malware encrypts depends on a file named mask.php, which it downloads from a remote server. This file lists the extensions the Trojan is supposed to encrypt. Once the infection has read the necessary information, it deletes this file. The encrypted files will get an .rdm extension.

We have found that this is a simple crypto ransom infection that uses one hidden file, which you can find as C:\Windows\directx.exe. Radamant Ransomware creates the following registry keys and values to run this executable:

  HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
    svchost  REG_SZ  C:\Windows\directx.exe
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    svchost  REG_SZ  C:\Windows\directx.exe
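
Added example, not part of the original article or of any vendor tool: a read-only PowerShell check for the indicators described above (the hidden C:\Windows\directx.exe, the two Run values named svchost, and files with the .rdm extension). The $ScanRoot parameter and its default are assumptions.

```powershell
# Added example: read-only triage for the Radamant indicators named in this article.
# Nothing is modified or deleted. $ScanRoot is an assumption; point it at any folder.
param(
    [string]$ScanRoot = $env:USERPROFILE
)

$payload = 'C:\Windows\directx.exe'   # hidden executable named in the article
$runKeys = @(
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$findings = @()

# 1. Dropped file. -Force is required because the file is hidden.
$file = Get-Item -LiteralPath $payload -Force -ErrorAction SilentlyContinue
if ($file) {
    $sha256 = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    $findings += [pscustomobject]@{
        Indicator = 'Payload file'; Location = $file.FullName
        Detail    = "created $($file.CreationTime), SHA256 $sha256"
    }
}

# 2. Autostart entries: a Run value named "svchost" in either key from the article.
foreach ($key in $runKeys) {
    $entry = Get-ItemProperty -Path $key -Name 'svchost' -ErrorAction SilentlyContinue
    if ($entry) {
        $findings += [pscustomobject]@{
            Indicator = 'Run value "svchost"'; Location = $key
            Detail    = [string]$entry.svchost
        }
    }
}

# 3. Encrypted files. -Filter is a loose wildcard match, so confirm the extension.
$encrypted = @(Get-ChildItem -LiteralPath $ScanRoot -Filter '*.rdm' -File -Recurse -Force `
        -ErrorAction SilentlyContinue | Where-Object { $_.Extension -ieq '.rdm' })
if ($encrypted.Count -gt 0) {
    $findings += [pscustomobject]@{
        Indicator = 'Files with .rdm extension'; Location = $ScanRoot
        Detail    = "$($encrypted.Count) found, e.g. $($encrypted[0].FullName)"
    }
}

if ($findings) { $findings | Format-List } else { 'No Radamant indicators from this article were found.' }
```

A Run value named svchost deserves a closer look whatever its data is, because the genuine svchost.exe is started by the Service Control Manager and not from a Run key.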

We have also discovered that Radamant Ransomware uses AES (Advanced Encryption Standard) encryption, a symmetric algorithm in which the same key encrypts and decrypts, and which, unlike RSA, is actually possible to decrypt. This is definitely good news for users because if this Trojan used RSA, they would definitely lose all their personal files. Although the ransom note promises to decrypt your files once you pay the ransom fee, we do not recommend that you pay because there is absolutely no guarantee that the cyber criminals behind this scam will really deliver as promised. We advise you to remove Radamant Ransomware and all other potential threats from your computer as a first step. Then, you can research the web to find a reliable free decryption tool for AES at your own risk. If you are not an experienced user, you may want to ask someone who is, or a professional, to help you with the decryption. Of course, the best solution is always to have regular backups of your personal files on an external drive that is not connected to your computer. This way you could simply copy your files back to your hard drive and you would be saved.

We do not recommend that you go after this Trojan manually and try to delete it from your system because unless you are an expert, you might cause irreparable damage to your operating system. That is why we suggest that you download and install a reliable antimalware program, such as SpyHunter, and eliminate all existing threats before you try to decrypt or restore your files. Please follow our instructions below in order to clean your PC and protect it from similar attacks.

How to remove Radamant Ransomware

  1. Start up your browser and enter: http://www.411-spyware.com/download-sph.
  2. Download and install SpyHunter.
  3. Run a full system scan and remove all infections.
  4. Restart your PC.
Download Remover for Radamant Ransomware *
*SpyHunter scanner, published on this site, is intended to be used only as a detection tool. To use the removal functionality, you will need to purchase the full version of SpyHunter.
