
Unicorn Ransomware

Posted: May 26, 2020

The Unicorn Ransomware is a file-locking Trojan that tries to hold the user's media hostage by encrypting files, such as documents. The Unicorn Ransomware appends a partially randomized extension to each file's name, changes the wallpaper, and displays a Coronavirus-themed pop-up that may relate to its distribution tactic. The usual precautions of anti-malware programs for removing the Unicorn Ransomware and backups for recovering data should suffice for countering infections.

A Mythological Beast Charges Towards Your Docs

The organization of the file-locking Trojan industry into a series of overarching Ransomware-as-a-Service operations is both a blessing and a curse for PC users. While it makes these attacks readily accessible to any willing attacker, it also guarantees some level of consistency among Trojan payloads. When independently programmed projects like the Unicorn Ransomware arise, the results can become less predictable, but are rarely benign.

Samples of the Unicorn Ransomware's unsigned Windows executable show that it's circulating with the name 'IMMUNI,' which can be the Italian word for 'immune' and is a possible reference to the Coronavirus. Further examination of its payload by malware researchers shows more disease terminology in the form of a UI window: a global statistics map for the Coronavirus. This feature is one of various attempts by Trojans (the NetSupport Manager RAT, for example) at using the epidemic's theme as a distraction or lure to achieve installation.

Other parts of the Unicorn Ransomware's arsenal of attacks are far more ordinary: it encrypts files to 'lock' them so that they can't be opened, adds extensions to the filenames (including a semi-random element), and changes the wallpaper to a custom, unicorn-themed warning. Additionally, its text ransom note provides more Italian: an overly dramatic demand for several hundred Euros in Bitcoins, with notable Greek mythology references such as Prometheus's fire. To date, malware researchers see no ransoms in this wallet's history.

Sending Trojanized Mythology Back to History Where It Belongs

Quarantining samples of the Unicorn Ransomware may provide some assistance to interested members of the cyber-security community in determining the chances of a free decryptor's development. Decryption isn't always a reasonable possibility in file-locking Trojan attacks, and malware experts recommend against depending solely on easily compromised backups on local Windows systems. For safety, storing spare copies of files on portable devices or password-protected cloud services will mitigate any illicit data tampering.

Users should also stay alert to potential tactics, including ones that might leverage news or industry interests against the victims. Coronavirus epidemic-themed attacks are rising and may deliver file-locking Trojans like the Unicorn Ransomware, Remote Access Trojans, spyware and other threats. The Unicorn Ransomware is, however, semi-unique for embedding a portion of the tactic inside its payload instead of confining it to the installation exploits.

Windows anti-malware programs may find and remove the Unicorn Ransomware at acceptable rates, but can't overcome encryption attacks that block documents and other files indefinitely.

The Unicorn Ransomware might be aiming to extort Italian speakers, but it speaks a language that, like disease, is universal. While users can pray for vaccines, decryptors are in far shorter supply, and not always forthcoming.
