Radamant Ransomware Removal Guide

Do you know what Radamant Ransomware is?

Radamant Ransomware is a serious computer infection that enters systems without permission. The first symptom that it has managed to slither onto your computer is a bunch of encrypted files. This infection primarily does that in order to extort money from innocent users. This crypto ransomware should place a message on the screen too with instructions on how to decrypt files; however, it has been observed that not all the versions of Radamant Ransomware act as they should. If you do not see a message on the screen or a separate file with instructions, it simply means that Radamant Ransomware cannot connect to the C&C server, but it is, undoubtedly, still dangerous and has to be eliminated from the system as soon as possible. Unfortunately, Radamant Ransomware cannot be erased via Control Panel because it is a really serious computer infection. Of course, there is still a way to do that. More detailed information on the Radamant Ransomware removal is provided further in the article written by our team of experts.

Research carried out by our specialists has shown that the first thing Radamant Ransomware does is connects to the C&C server, which is probably called Radamant, in order to download the file known as mask.php. This file contains all the necessary information that allows Radamant Ransomware to work properly. In addition, there is no doubt that mask.php contains the long list of extensions that have to be encrypted. It has been observed that Radamant Ransomware mainly touches various documents and pictures that have such extensions as. jpe, .jpg, .jpg2, .mgmf, .sqb, .diz, .dne, .doc, .docm, .bmp, .ppt, .xls, .csv, .xlsx, csv, .xpm, .svg, .fb2, and .smil. Of course, it can encrypt other types of files as well. You can easily recognize all the encrypted files because they will have the .rdm filename extension attached to them. As you have probably understood, Radamant Ransomware basically does not leave any easily accessible files. Unlike other well-known crypto ransomware infections, Radamant Ransomware uses the AES encryption. It is not as secure as RSA, so we believe that you will gain access to your files sooner or later. Of course, this will not happen without your interference. You will either have to pay a ransom for cyber criminals in order to get the key (not recommended), restore your files from a backup (e.g. USB flash drive, external hard drive, or e-mail), or use the decryption tool.

Radamant Ransomware is not a unique threat at all. Like other ransomware infections, it simply encrypts all the files. Therefore, we consider it to be a simple infection. Another reason why our specialists think that this ransomware is rather simple is the fact that it has only one main file. It can be found by following this path: C:\Windows\directx.exe. This threat also creates the registry value svchost with data REG_SZ C:\Windows\directx.exe in HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run and HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run. The main path depends on the version of Windows, i.e. whether the user has 32-Bit or 64-Bit Windows. Even though Radamant Ransomware is not a very sophisticated threat, it is unique in a sense that it uses the REG_SZ type of registry value.

In order to find all the possible information about Radamant Ransomware, our team of security experts has checked its main file and found that this threat can also connect to such IP addresses as 103.25.202.192, 92.222.80.28, and 78.138.97.93, which suggests that it will use your Internet. In addition to this, Radamant Ransomware will perform the command cmd.exe /c vssadmin delete shadows /all /quiet in order to delete shadow copies of files. As you have probably understood, Radamant Ransomware performs hundreds of different activities even though it is a rather simple threat.

The majority of users understand that Radamant Ransomware has entered their systems without permission; however, not all of them know how this has happened. Our team of specialists has checked how this infection is distributed and now can say that users often initiate the installation of Radamant Ransomware after they click on a bad link. Of course, people can download Radamant Ransomware together with bad programs too. Last but not least, there are thousands of people who have allowed Radamant Ransomware to enter their systems after they have opened a spam email attachment. Finally, the presence of Radamant Ransomware might be the result of other malicious programs existing on the system. To prevent other ransomware infections from slithering on the system, install a security tool on your PC.

It seems that Radamant Ransomware does not block main system utilities, so you will be able to download a security tool, e.g. SpyHunter easily, install it, and scan the system in order to erase Radamant Ransomware fully. It is possible to get rid of Radamant Ransomware manually too, but this is definitely not an easy task. Before you go for the manual Radamant Ransomware removal, make sure that all the hidden files can be seen.

How to delete Radamant Ransomware

  1. Open the Files Manager and enter C:\Windows\directx.exe in the bar at the top.
  2. Delete directx.exe file after you detect it.
  3. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run (for 64-bit Windows).
  4. Locate the svchost value, right-click on it, and click delete.
  5. Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run (for 32-bit and 64bit Windows).
  6. Locate svchost value and get rid of it.

In non-techie terms:

Do not forget that it is very important to scan the system with an automatic malware remover even if you manage to delete Radamant Ransomware yourself. It is important to do that in order to detect and eliminate all other existing infections. If you do not erase them, other serious infections might enter your system once again with their help.