INFECTED BY Ransomware (.radman)

[ARNEST 0]

My files are encrypted by ransomware (.radman). Personal ID: 086Hjh74389hUSf8bwVJLrUFtzutHXui1MCvtQw7baY8jcfIt3avTOVz

I tried with all decryptors but was unsuccessful. Please help me decrypt my files.

[GT500 572]

17 hours ago, ARNEST said:

Personal ID: 086Hjh74389hUSf8bwVJLrUFtzutHXui1MCvtQw7baY8jcfIt3avTOVz

That's an online ID, so we'll need the MAC addresses from the infected computer as well. You can use STOPDecrypter to get that information. Here's a link to instructions:
https://kb.gt500.org/stopdecrypter

 

Also note that while most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums):
https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/

Note: If anything that appears suspicious is found in your logs, then your post will be moved into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it.

[Haroldo 0]

Meus arquivos são criptografados pelo ransomware (.radman). Identificação: ] ID: Hyz6gHZojIX9FB4gjXNrEeVormifAm7taiModiPA (.radman )

Mac: 40:16:7E:7B:B8:8F

Eu tentei com todas as decryptors, mas não teve sucesso. Por favor me ajude a decifrar meus arquivos.

[+] Arquivo: C:\Users\gheng\Desktop\Nova pasta\006 - capítulos FISICO FINANCEIRO.xlsx.radman
[-] nenhuma chave para ID: Hyz6gHZojIX9FB4gjXNrEeVormifAm7taiModiPA (.radman)

0 dados decodificados!
Arquivos ignorados 1.

[!] Sem chaves foram encontradas para as seguintes identificações:
[*] ID: Hyz6gHZojIX9FB4gjXNrEeVormifAm7taiModiPA (.radman)
por favor arquivar essas identificações e os seguintes endereços de MAC, em caso de futura descriptografia:
[*] MACs: 40:16:7E:7B:B8:8F
Esta informação também foi registrada para STOPDecrypter-log. txt

Edited May 25 by GT500
Removed quote box.

[ARNEST 0]

Thanks GT500. I followed your advice.

[!] No keys were found for the following IDs:
[*] ID: bwVJLrUFtzutHXui1MCvtQw7baY8jcfIt3avTOVz (.radman )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: 82:C5:F2:71:83:C3, 80:C5:F2:71:83:C3, 80:C5:F2:71:83:C2
This info has also been logged to STOPDecrypter-log.txt

Edited May 24 by ARNEST
More information

[ARNEST 0]

[!] No keys were found for the following IDs:
[*] ID: bwVJLrUFtzutHXui1MCvtQw7baY8jcfIt3avTOVz (.radman )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: 82:C5:F2:71:83:C3, 80:C5:F2:71:83:C3, 80:C5:F2:71:83:C2
This info has also been logged to STOPDecrypter-log.txt

[GT500 572]

21 hours ago, Haroldo said:

[!] Sem chaves foram encontradas para as seguintes identificações:
[*] ID: Hyz6gHZojIX9FB4gjXNrEeVormifAm7taiModiPA (.radman)
por favor arquivar essas identificações e os seguintes endereços de MAC, em caso de futura descriptografia:
[*] MACs: 40:16:7E:7B:B8:8F
Esta informação também foi registrada para STOPDecrypter-log. txt

I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future.

 

5 hours ago, ARNEST said:

[!] No keys were found for the following IDs:
[*] ID: bwVJLrUFtzutHXui1MCvtQw7baY8jcfIt3avTOVz (.radman )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: 82:C5:F2:71:83:C3, 80:C5:F2:71:83:C3, 80:C5:F2:71:83:C2
This info has also been logged to STOPDecrypter-log.txt

I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future.

[ARNEST 0]

ANY NEWS MR GT500 OF A SOLUTION TO MY PROBLEM...

[Amigo-A 24]

ARNEST

Please, be patient. Support specialists  may not respond during the weekend. This is indicated in the forum rules.

The solution of the problem may come not very quickly.
Do not depart from the topic, it is important for you, wait for the answer of the specialist and the final decision.

[GT500 572]

11 hours ago, ARNEST said:

ANY NEWS MR GT500 OF A SOLUTION TO MY PROBLEM...

If there is any news, you should be contacted privately by someone with the screen name Demonslay335.

[[email protected] 0]

Dear GT500,

                 I have some a problem in the same, my files on PC have been encrypted by ransomware (.radman extension)

I send you the information regarding log files form StOPDecrypter tool and FRST program and please see the attached files.

 Here is my troubleshooting

 1. I have format drive C and installed new windows OS, I accidentally did it.

 2. But my files on PC, it has still been encrypted. (radman extension).

 please help me solve a problem or do you have any suggestion.

 Thank you very much.

Addition.txt FRST.txt STOPDecrypter-log.txt

[GT500 572]

@[email protected] I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future.

As for your FRST logs, at first glance they appear clean. Certainly no leftovers from STOP/Djvu, so you don't have to worry about that at least.

Recovery of files will take some time. Right now, in the vast majority of cases, the maker of STOPDecrypter will contact you privately when he is able to figure out your decryption key.

[[email protected] 0]

On 5/31/2019 at 3:48 AM, GT500 said:

@[email protected] I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future.

As for your FRST logs, at first glance they appear clean. Certainly no leftovers from STOP/Djvu, so you don't have to worry about that at least.

Recovery of files will take some time. Right now, in the vast majority of cases, the maker of STOPDecrypter will contact you privately when he is able to figure out your decryption key.

Thank you very much for your suggestion.

[GT500 572]

You're welcome.

[ARNEST 0]

Dear GT500,

How is the progress to find decrypter for Radman ransomware?

I am still waiting

 

[GT500 572]

20 hours ago, ARNEST said:

Dear GT500,

How is the progress to find decrypter for Radman ransomware?

I am still waiting

The creator of STOPDecrypter is still working on trying to find peoples' decryption keys. It's not as easy as it used to be, and may still take some time before anyone is able to provide a solution for most victims. As for how much time, it's difficult to say.

[ARNEST 0]

Dear GT500,

Any progress in finding online keys for decryption of radman ransomware encrypted files.

I have not got any communication from Demonslay335.

Thank you

[GT500 572]

It's still being worked on. Hopefully it won't be too much longer before we have a solution for you.