Radamant Ransomware

Radamant Ransomware is a serious threat that usually enters systems without permission. After it manages to do that, it immediately performs its main activity – encrypts the majority of files existing on the system. It seems that this ransomware infection is named after the C&C server it uses and its origin is Singapore. Of course, Asian users are not the only ones who encounter Radamant Ransomware because this threat is prevalent among the users throughout the world. Users should be very cautious in order not to encounter Radamant Ransomware. If this happens, unfortunately, it will be impossible to remove it via Control Panel. We understand that it might be a challenging task to get rid of Radamant Ransomware, so we are going to focus on its removal in the second part of this article. Continue reading!

As has already been mentioned, Radamant Ransomware is capable of encrypting all kinds of files. Even though it encrypts a great number of them, it has still been observed that it mainly touches documents and pictures with such extensions as. .bmp, .jpg, .jpg2, .jpeg, .gif, .dadiagrams, .docx, .docxml, .docz, .ppt, .pptx, .ascii, .doc, .docm, .notes, .tex, .text, .html, .xls, .xlsx, .csv, .xlsm, .ods, .png, and .s2mv. As Radamant Ransomware is capable of encrypting hundreds of different files, there is no doubt that you will notice that it is impossible to access the majority of files stored on your PC if this infection manages to sneak onto computer. To be more specific, you will see the file name extension .rdm attached to your files. The primary aim why it does that is to obtain money from users, so do not be surprised if you notice a message on your screen saying that you have to pay a ransom in order to gain access to all the encrypted files after Radamant Ransomware finishes its work. We do not recommend paying money because it will end up in the pockets of cyber criminals. Do not worry; Radamant Ransomware uses the AES encryption, so it is possible to decrypt files without paying money. You can also restore them from a backup, e.g. USB flash drive or an external hard drive.

Research carried out by the specialists working at pcthreat.com has shown that Radamant Ransomware is a rather simple ransomware infection – it has only one file. This file is located in C:\Windows\directx.exe; however, you will not see it because it is hidden. It has been observed that Radamant Ransomware creates the registry value svchost with data REG_SZ C:\Windows\directx.exe in HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run and the registry value svchost with data REG_SZ C:\Windows\directx.exe in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run. As can be seen, Radamant Ransomware uses the REG.SZ type of Registry Value, which makes it rather unique.

After the thorough analysis of files belonging to Radamant Ransomware, specialists are sure that Radamant Ransomware connects to 103.25.202.192, 92.222.80.28, and 78.138.97.93 IP addresses, which means that it will use your Internet connection as well in order to work properly. Specialists say that Radamant Ransomware connects to the C&C server mainly in order to download mask.php. This file contains a list of extensions that have to be encrypted. Radamant Ransomware will definitely not limit itself to that. There is no doubt that Radamant Ransomware will perform the process cmd.exe /c vssadmin delete shadows /all /quiet in order to delete shadow copies of files and thus do not allow users to restore them easily.

Radamant Ransomware is known to be a serious infection, so do not even expect to delete it via Control Panel. Specialists say that it is possible to erase Radamant Ransomware manually, but it is not so easy to do that, so this method is suitable for more experienced users only. If you cannot call yourself like that, simply download an automatic malware remover, such as SpyHunter, and let it delete Radamant Ransomware for you. The best thing about automatic tools is that they delete other existing infections too, so you will be sure that your system is clean after a single scan. If you are an experienced user and believe that you can get rid of Radamant Ransomware yourself, use instructions provided below. They will help you to eliminate the infection from the registry.

Delete Radamant Ransomware from PC

Display hidden files

Windows XP

1. Tap the Windows key + E.
2. Open the Tools tab.
3. Select Folder options and open the View tab.
4. Mark Show hidden files and folders.
5. Remove the tick from the Hide protected operating system files (Recommended).

Windows 7 and Vista

1. Tap the Windows key + E.
2. Click Organize in the top-left corner.
3. Select Folder and search options and open the View tab.
4. Put a tick in the Show hidden files and folders box.
5. Remove the tick from Hide protected operating system files (Recommended).

Windows 8/8.1/10

1. Go to Control Panel.
2. Select Appearance and Personalization.
3. Under Folder Options, select Show hidden files and folders.
4. Put a tick next to Show hidden files, folders, and drives.
5. Remove the checkbox from the box next to Hide protected operating system files (Recommended).

Delete the main file and registries

1. Go to the C: drive.
2. Access the Windows folder and locate the directx.exe file.
3. Right-click on it and delete it.
4. Tap the Windows key + R.
5. Enter regedit and click OK.
6. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run.
7. Find svchost with C:\Windows\directx.exe data, right-click on it, and delete it.
8. Follow the path HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
9. Locate the svchost value with C:\Windows\directx.exe and get rid of it.