UNNAM3D Ransomware

Posted: March 29, 2019

The UNNAM3D Ransomware is a file-locking Trojan that moves your media files into RAR archives that it protects with a password. The contents of Windows folders such as Documents and Downloads are especially at risk, and there is currently no free solution to this threat's attacks. Have your anti-malware products delete the UNNAM3D Ransomware on sight and avoid its infection vectors, which include e-mail attachments and fake software updates.

The Unwilling Partnership of WinRAR and Another Trojan

Subverting legitimate programs for illegitimate purposes is a tactic that appears from time to time in threatening software campaigns. It is possibly at its least ambitious when file-locking Trojans use it as a substitute for encrypting files individually. The UNNAM3D Ransomware, with a payload that's evocative of the WinRarer Ransomware and the ZipLocker Ransomware, uses WinRAR for just such a purpose.

The UNNAM3D Ransomware is a brand-new Trojan from a threat actor who uses the alias Unnam3d; the developer also maintains a variety of other 'Black Hat' programs, including clipboard-hijacking spyware and Distributed-Denial-of-Service (DDoS) Trojans. The UNNAM3D Ransomware's campaign has, supposedly, reached at least thirty thousand targets at this time, using what malware experts are confirming is a series of e-mail messages that pretend to be Flash updates. Victims who follow the download link (which pretends to come from Adobe) compromise their PCs with the UNNAM3D Ransomware, which then launches its WinRAR-based attack.

The UNNAM3D Ransomware drops WinRAR's executable and uses command-line instructions to move the contents of folders like Pictures and Documents into RAR archives, which it protects with passwords. After completing this task, it loads a pop-up window with equally unusual ransoming instructions. Unlike the file-locking Trojans of most families, the UNNAM3D Ransomware asks for an Amazon gift card worth fifty dollars instead of Bitcoins or vouchers. The security issues of this payment method are of no concern to Unnam3d, who claims that he's selling the cards to third parties rather than using them personally.
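Defenders can look for this behaviour in process-creation telemetry. The sketch below is an added example, not code from this article or from the Trojan: it flags a WinRAR command-line run that sets a password, removes the originals and targets user folders. The page does not give the Trojan's actual command line, so the sample events, function names and alert rule are assumptions; `m`, `-p`, `-hp`, `-df` and `-dw` are standard WinRAR command-line options.

```python
import re

# WinRAR CLI facts relied on: command "a" adds files, "m" moves them into the archive
# (originals deleted); -p<pwd> / -hp<pwd> set a password; -df / -dw delete originals.
ARCHIVERS = {"rar.exe", "winrar.exe"}
TRUSTED_DIRS = ("c:\\program files\\winrar\\", "c:\\program files (x86)\\winrar\\")
USER_DATA = re.compile(r"\\users\\[^\\]+\\(documents|pictures|downloads|desktop)", re.I)

def split_cmdline(cmdline):
    """Split a Windows command line on whitespace, keeping double-quoted arguments whole."""
    return [q if q else w for q, w in re.findall(r'"([^"]*)"|(\S+)', cmdline)]

def assess(image, cmdline):
    """Return the reasons a process-creation event looks like archive-based file locking."""
    image = image.lower()
    if image.rsplit("\\", 1)[-1] not in ARCHIVERS:
        return []
    args = [a.lower() for a in split_cmdline(cmdline)[1:]]  # drop the program name
    switches = [a for a in args if a.startswith("-")]
    command = next((a for a in args if not a.startswith("-")), "")
    reasons = []
    if any(s.startswith("-hp") or (s.startswith("-p") and s != "-p-") for s in switches):
        reasons.append("password set")
    if command in ("m", "mf") or "-df" in switches or "-dw" in switches:
        reasons.append("originals removed")
    if any(USER_DATA.search(a) for a in args):
        reasons.append("user folders targeted")
    if not image.startswith(TRUSTED_DIRS):
        reasons.append("archiver outside install dir")
    return reasons

def is_file_locking(image, cmdline):
    """Alert only when password, removal of originals and user-folder targeting coincide."""
    core = {"password set", "originals removed", "user folders targeted"}
    return core <= set(assess(image, cmdline))

# Constructed process-creation events (image path, command line); not taken from the Trojan.
EVENTS = [
    (r"C:\Users\alice\AppData\Local\Temp\rar.exe",
     r"rar.exe m -hpEXAMPLE -r C:\Users\alice\Documents.rar C:\Users\alice\Documents\*"),
    (r"C:\Program Files\WinRAR\Rar.exe",
     r'"C:\Program Files\WinRAR\Rar.exe" a -r D:\backup\proj.rar C:\src\proj'),
    (r"C:\Program Files\WinRAR\WinRAR.exe",
     r'WinRAR.exe a -pEXAMPLE "C:\Users\bob\Documents\taxes.rar" "C:\Users\bob\Documents\taxes"'),
]

if __name__ == "__main__":
    for image, cmdline in EVENTS:
        print(is_file_locking(image, cmdline), assess(image, cmdline))
```

In practice the image path and command line would come from Sysmon Event ID 1 or Windows Security Event 4688 with command-line logging enabled.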

Overcoming an Unnameable Archival Process

Passworded archive compression is not unusual for a file-locking Trojan, although it is arguably less professional or comprehensive than locking files with encryption one by one. Our malware researchers haven't found any vulnerabilities that would make cracking the UNNAM3D Ransomware's password storage highly likely, and users should be careful to protect their files appropriately. Backing your work up to locations that aren't in danger, such as a detachable USB drive, will give you a non-ransom-based recovery solution for your media.

The infection strategy that the UNNAM3D Ransomware currently uses is a high-visibility attack that most users should know well enough to avoid. Legitimate software updates for Adobe's Flash never arrive through unsolicited e-mail links. Use Flash's built-in updating features when possible, or navigate manually to the official website for manual patches. Strong anti-malware products can provide last-minute protection by removing the UNNAM3D Ransomware either before or after an attack.

Even though WinRAR is usually a tool for technological good, even the best of programs can be misused by creative and greedy threat actors, which calls for PC owners to protect themselves with just as much drive. The UNNAM3D Ransomware, as one of a parcel of threats from its author, may remind users of that if they forget it.
