- Jan 31, 2014
- 888
Source: Strong indications that ransomware devs don’t like Emsisoft
Strong indications that ransomware devs don’t like Emsisoft
As reported by our friends atBleepingcomputer, the developers of the Radamant Ransomware Kit have now released a new, third version of their ransomware. This comes after the Emsisoft lab, led by our CTO Fabian Wosar, succesfully developed a decryptor for the previous two versions. The first version of Radamant encrypts data files with a RDM extension, while the second version uses a RRK extension. There are now rumors of a third version that we have not seen yet. For the first two versions, our developed decryptor can recover a victim’s files – for free. It comes to no surprise though, that the developer of the Radamant ransomware wasn’t very happy with Fabian and Emsisoft for interfering with his business.
Take a look at the embedded strings in the ransomware malware executables and the domain names for their Command and Control Servers: For example, in the latest version of the malware executable there are strings such as emisoft f**kedbastardsihateyou that shows the developers displeasure that are really similar to “Emsisoft”.
-------------------------
Click the link above to view screenshots
Strong indications that ransomware devs don’t like Emsisoft
As reported by our friends atBleepingcomputer, the developers of the Radamant Ransomware Kit have now released a new, third version of their ransomware. This comes after the Emsisoft lab, led by our CTO Fabian Wosar, succesfully developed a decryptor for the previous two versions. The first version of Radamant encrypts data files with a RDM extension, while the second version uses a RRK extension. There are now rumors of a third version that we have not seen yet. For the first two versions, our developed decryptor can recover a victim’s files – for free. It comes to no surprise though, that the developer of the Radamant ransomware wasn’t very happy with Fabian and Emsisoft for interfering with his business.
Take a look at the embedded strings in the ransomware malware executables and the domain names for their Command and Control Servers: For example, in the latest version of the malware executable there are strings such as emisoft f**kedbastardsihateyou that shows the developers displeasure that are really similar to “Emsisoft”.
-------------------------
Click the link above to view screenshots