INFECTED BY Ransomware (.radman)

[ARNEST 0]

My files are encrypted by ransomware (.radman). Personal ID: 086Hjh74389hUSf8bwVJLrUFtzutHXui1MCvtQw7baY8jcfIt3avTOVz

I tried with all decryptors but was unsuccessful. Please help me decrypt my files.

[GT500 808]

17 hours ago, ARNEST said:

Personal ID: 086Hjh74389hUSf8bwVJLrUFtzutHXui1MCvtQw7baY8jcfIt3avTOVz

That's an online ID, so we'll need the MAC addresses from the infected computer as well. You can use STOPDecrypter to get that information. Here's a link to instructions:
https://kb.gt500.org/stopdecrypter

 

Also note that while most ransomwares will automatically delete themselves after they finish encrypting files, some are now leaving behind components on computers they infect that will encrypt any new files saved and will encrypt any files you manage to decrypt. It's best to check and make sure that no such components have been left behind, so I recommend following the instructions at the link below to get us logs from FRST so that one of our experts can make sure there is nothing malicious still on your computer (please attach the log files FRST saves to a reply to this topic on the forums):
https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/

Note: If anything that appears suspicious is found in your logs, then your post will be moved into a new topic to facilitate better communication between you and whoever is assisting you. We'll also try to make sure that you are following the new topic so that you receive e-mail notifications when someone replies to it.

[Haroldo 0]

Meus arquivos são criptografados pelo ransomware (.radman). Identificação: ] ID: Hyz6gHZojIX9FB4gjXNrEeVormifAm7taiModiPA (.radman )

Mac: 40:16:7E:7B:B8:8F

Eu tentei com todas as decryptors, mas não teve sucesso. Por favor me ajude a decifrar meus arquivos.

[+] Arquivo: C:\Users\gheng\Desktop\Nova pasta\006 - capítulos FISICO FINANCEIRO.xlsx.radman
[-] nenhuma chave para ID: Hyz6gHZojIX9FB4gjXNrEeVormifAm7taiModiPA (.radman)

0 dados decodificados!
Arquivos ignorados 1.

[!] Sem chaves foram encontradas para as seguintes identificações:
[*] ID: Hyz6gHZojIX9FB4gjXNrEeVormifAm7taiModiPA (.radman)
por favor arquivar essas identificações e os seguintes endereços de MAC, em caso de futura descriptografia:
[*] MACs: 40:16:7E:7B:B8:8F
Esta informação também foi registrada para STOPDecrypter-log. txt

Edited May 25, 2019 by GT500
Removed quote box.

[ARNEST 0]

Thanks GT500. I followed your advice.

[!] No keys were found for the following IDs:
[*] ID: bwVJLrUFtzutHXui1MCvtQw7baY8jcfIt3avTOVz (.radman )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: 82:C5:F2:71:83:C3, 80:C5:F2:71:83:C3, 80:C5:F2:71:83:C2
This info has also been logged to STOPDecrypter-log.txt

Edited May 24, 2019 by ARNEST
More information

[ARNEST 0]

[!] No keys were found for the following IDs:
[*] ID: bwVJLrUFtzutHXui1MCvtQw7baY8jcfIt3avTOVz (.radman )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: 82:C5:F2:71:83:C3, 80:C5:F2:71:83:C3, 80:C5:F2:71:83:C2
This info has also been logged to STOPDecrypter-log.txt

[GT500 808]

21 hours ago, Haroldo said:

[!] Sem chaves foram encontradas para as seguintes identificações:
[*] ID: Hyz6gHZojIX9FB4gjXNrEeVormifAm7taiModiPA (.radman)
por favor arquivar essas identificações e os seguintes endereços de MAC, em caso de futura descriptografia:
[*] MACs: 40:16:7E:7B:B8:8F
Esta informação também foi registrada para STOPDecrypter-log. txt

I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future.

 

5 hours ago, ARNEST said:

[!] No keys were found for the following IDs:
[*] ID: bwVJLrUFtzutHXui1MCvtQw7baY8jcfIt3avTOVz (.radman )
Please archive these IDs and the following MAC addresses in case of future decryption:
[*] MACs: 82:C5:F2:71:83:C3, 80:C5:F2:71:83:C3, 80:C5:F2:71:83:C2
This info has also been logged to STOPDecrypter-log.txt

I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future.

[ARNEST 0]

ANY NEWS MR GT500 OF A SOLUTION TO MY PROBLEM...

[Amigo-A 132]

ARNEST

Please, be patient. Support specialists  may not respond during the weekend. This is indicated in the forum rules.

The solution of the problem may come not very quickly.
Do not depart from the topic, it is important for you, wait for the answer of the specialist and the final decision.

[GT500 808]

11 hours ago, ARNEST said:

ANY NEWS MR GT500 OF A SOLUTION TO MY PROBLEM...

If there is any news, you should be contacted privately by someone with the screen name Demonslay335.

[[email protected] 0]

Dear GT500,

                 I have some a problem in the same, my files on PC have been encrypted by ransomware (.radman extension)

I send you the information regarding log files form StOPDecrypter tool and FRST program and please see the attached files.

 Here is my troubleshooting

 1. I have format drive C and installed new windows OS, I accidentally did it.

 2. But my files on PC, it has still been encrypted. (radman extension).

 please help me solve a problem or do you have any suggestion.

 Thank you very much.

Addition.txt FRST.txt STOPDecrypter-log.txt

[GT500 808]

@[email protected] I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future.

As for your FRST logs, at first glance they appear clean. Certainly no leftovers from STOP/Djvu, so you don't have to worry about that at least.

Recovery of files will take some time. Right now, in the vast majority of cases, the maker of STOPDecrypter will contact you privately when he is able to figure out your decryption key.

[[email protected] 0]

On 5/31/2019 at 3:48 AM, GT500 said:

@[email protected] I've forwarded your ID and MAC addresses to the creator of STOPDecrypter so that he can archive them in case he is able to figure out your decryption key at some point in the future.

As for your FRST logs, at first glance they appear clean. Certainly no leftovers from STOP/Djvu, so you don't have to worry about that at least.

Recovery of files will take some time. Right now, in the vast majority of cases, the maker of STOPDecrypter will contact you privately when he is able to figure out your decryption key.

Thank you very much for your suggestion.

[GT500 808]

You're welcome.

[ARNEST 0]

Dear GT500,

How is the progress to find decrypter for Radman ransomware?

I am still waiting

 

[GT500 808]

20 hours ago, ARNEST said:

Dear GT500,

How is the progress to find decrypter for Radman ransomware?

I am still waiting

The creator of STOPDecrypter is still working on trying to find peoples' decryption keys. It's not as easy as it used to be, and may still take some time before anyone is able to provide a solution for most victims. As for how much time, it's difficult to say.

[ARNEST 0]

Dear GT500,

Any progress in finding online keys for decryption of radman ransomware encrypted files.

I have not got any communication from Demonslay335.

Thank you

[GT500 808]

It's still being worked on. Hopefully it won't be too much longer before we have a solution for you.

[ARNEST 0]

Thank you Mr. GT500.

Have  you got any solution for my problem.

I am anxiously waiting because some of my important files  I need to get immediately. For the last few months I have postpone my work due to the encrypted files and folders.

Kindly let me know.

Thank you

[GT500 808]

19 hours ago, ARNEST said:

Have  you got any solution for my problem.

I am anxiously waiting because some of my important files  I need to get immediately. For the last few months I have postpone my work due to the encrypted files and folders.

It's still being worked on. We'll let you know once it's ready.

[ARNEST 0]

Thanks Mr. GT500 for your initiative and help.

I am still waiting.

Regards

[GT500 808]

We have a new decryption service for STOP/Djvu available. There's more information and instructions on how to use it at the following links:
https://www.bleepingcomputer.com/news/security/stop-ransomware-decryptor-released-for-148-variants/
https://blog.emsisoft.com/en/34375/emsisoft-releases-new-decryptor-for-stop-djvu-ransomware/

[ARNEST 0]

Thanks Mr. GT500.

I tried with the online decryption, since mine was with the online key, but i have a difficulty that I hardly have the original file, the ones that I had also shows 'invalid upload' even after having processed.

I really thank you for the guidance and help that you have given me.

Arnest

[Amigo-A 132]

Here is a sample list where you can find the originals of the encrypted files :

1) on flash drives, external drives, CD / DVD, memory cards of the camera, phone;
2) in attachments of emails sent or received by you;
3) among the copies of shared photos of friends, relatives (in their PC) that you gave;
4) among the uploaded photos in the social. networks, including via smartphone and tablet;
5) among the uploaded photos to cloud services (Google Disk,  OneDrive, Yandex Disk etc.);
6) on the sites of ads, forums, where you could previously send photos or images;
7) among unencrypted files, copies, renamed files on your PC;
8 ) on an old PC or disk, from where you transferred photos and documents to a new PC;
9) you can re-upload from the Internet previously downloaded photos, pictures, etc .;
10) you can use sample images supplied with Windows;
11) take photos or pictures that you previously posted on the avatar on the forums.
12) extract previously deleted files from the Recycle Bin or restore it with a special program.
 
If decryption failed ...
 
It is possible that the original file was an inaccurate copy of the encrypted. This could be due to the fact that earlier you yourself reduced or corrected it in the editor, or uploaded to social networks, cloud services, and there the file was somehow automatically changed.
Look for more files and try different pairs of encrypted and original files with the same name. Very often files can have the same name, but are not a copy of each other. Vocabulary used in any language is limited. The possibilities of PCs, cameras and other devices for taking photos are also limited. In cameras and mobile devices, names for photos are given automatically according to a specific format, so photos with the name from IMG_0001.JPG to IMG_9999.JPG can be quite a lot in different years. Smartphones can give photos more original names, such as IMG_20171012_170451.jpg - here and the date of shooting, and the sequence number, thus the repetition of the name is unlikely.

[GT500 808]

23 hours ago, ARNEST said:

the ones that I had also shows 'invalid upload' even after having processed.

Can you take a screenshot of the error message and paste it into a reply?