Radamant

One example of the Radamant variant. Image Source: Bleeping Computer

Radamant targets Windows OS and is distributed via the Rig exploit kit. It creates auto-run registry keys to establish and maintain persistence, contacts its C2 servers, scans all drives, deletes Volume Shadow Copies, and encrypts targeted files using AES-256. Encrypted files carry either the .RDM (first version) or the .RRK (second version) file extension. Radamant is also part of a ransomware kit that can be rented as a service from its developer for $1,000 per month.

  • Emsisoft offers a decryption tool for affected files bearing the .RDM and .RRK extensions, available here. Instructions on how to use this tool are available here.