
UNNAMED1989 Ransomware

Posted: December 6, 2018

The UNNAMED1989 Ransomware is a file-locker Trojan that blocks your media files with XOR encryption, creates ransom notes, and collects login credentials for social-network and e-mail accounts. The credential theft is part of the UNNAMED1989 Ransomware's distribution model, which abuses software specific to the Chinese market. Most anti-malware solutions should remove the UNNAMED1989 Ransomware safely on sight, and malware experts also find a high probability that free file decryption and restoration are possible.

Socializing on the Chinese Web Upgrades Its Danger Level

A file-locker Trojan's campaign is making good use of regionally-specific software to compromise unprotected Windows PCs, with the unintentional help of Tencent's QQ instant-messaging program. While the attacks of this threat, the UNNAMED1989 Ransomware, have several unique characteristics, the expertise behind its internal programming is, thankfully, low. Victims who avoid panicking and paying its ransom may find alternate ways of saving their files.

The UNNAMED1989 Ransomware is compromising PCs that lack appropriate anti-virus or other security software by distributing its installer as a trojanized variant of a QQ multi-account-managing application. With over one hundred thousand infections verifiable by malware analysts' current estimates, its campaign is highly successful at spreading, but it relies on opportunistic infections instead of compromising specific victims with targeted spam e-mails or brute-force attacks. Some Chinese cyber-security researchers also refer to the UNNAMED1989 Ransomware as 'WeChat Ransom,' although its ransom note uses a warning screen with the titular 'UNNAMED1989' tag.

Malware researchers also are verifying that the UNNAMED1989 Ransomware uses XOR, as opposed to the DES-based encryption that its ransom warning claims. This difference is significant since XOR is already one of the weakest choices for locking files. The UNNAMED1989 Ransomware's use of a single static, hard-coded key, instead of one generated for every victim, provides additional evidence that free decryption tools should be able to unlock and recover any of the files that the UNNAMED1989 Ransomware blocks: a key recovered once, from any file whose original contents are known, decrypts every victim's files.
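The following added example (not the Trojan's code, and not a claim about its real key, which this page does not give) shows in Python why a static repeating-key XOR locker is recoverable without the attacker's cooperation. The stand-in key STATIC_KEY, the constructed 1x1 PNG, and the function names are assumptions made for illustration. The recovery relies only on the fact that every PNG begins with the same 16 bytes (signature plus the IHDR chunk header), so XORing a locked PNG against that known prefix yields the keystream, whose repetition reveals the key:

```python
"""Known-plaintext recovery of a static repeating-key XOR "encryption".

Illustrative example only: STATIC_KEY is a hypothetical stand-in, not the
malware's real key, and the sample PNG is constructed here in code.
"""
import struct
import zlib

# Hypothetical static, hard-coded key (assumption for the demo; not the real value).
STATIC_KEY = b"Un1989Ks"

# Every PNG starts with this 8-byte signature followed by the IHDR chunk
# header (4-byte length 13, then the tag "IHDR"): 16 bytes known in advance.
PNG_KNOWN_PREFIX = b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\x0dIHDR"


def xor_repeating(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same operation both locks and unlocks."""
    if not key:
        raise ValueError("empty key")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def keystream_from_known_plaintext(ciphertext: bytes, plaintext: bytes) -> bytes:
    """c XOR p gives the keystream bytes wherever the plaintext is known."""
    n = min(len(ciphertext), len(plaintext))
    return bytes(c ^ p for c, p in zip(ciphertext[:n], plaintext[:n]))


def smallest_period(stream: bytes) -> int:
    """Shortest p such that stream[i] == stream[i - p] for every i >= p."""
    for p in range(1, len(stream)):
        if all(stream[i] == stream[i - p] for i in range(p, len(stream))):
            return p
    return len(stream)


def recover_key(ciphertext: bytes, known_prefix: bytes) -> bytes:
    """Recover the repeating key from one locked file with a known header.

    Raises ValueError when the known span is too short to see the key
    repeat at least twice, since the period would then be a guess.
    """
    ks = keystream_from_known_plaintext(ciphertext, known_prefix)
    period = smallest_period(ks)
    if 2 * period > len(ks):
        raise ValueError("known plaintext too short to confirm key length")
    return ks[:period]


def decrypt_and_verify(ciphertext: bytes, key: bytes, magic: bytes) -> bytes:
    """Unlock with the recovered key and sanity-check the file magic."""
    plain = xor_repeating(ciphertext, key)
    if not plain.startswith(magic):
        raise ValueError("magic mismatch after decryption: wrong key?")
    return plain


def build_sample_png() -> bytes:
    """Constructed 1x1 RGB PNG used as the victim's 'media file'."""
    def chunk(tag: bytes, data: bytes) -> bytes:
        crc = zlib.crc32(tag + data) & 0xFFFFFFFF
        return struct.pack(">I", len(data)) + tag + data + struct.pack(">I", crc)

    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)  # 1x1, 8-bit, RGB
    idat = zlib.compress(b"\x00\xff\x00\x00")            # filter byte + one red pixel
    return (b"\x89PNG\r\n\x1a\n" + chunk(b"IHDR", ihdr)
            + chunk(b"IDAT", idat) + chunk(b"IEND", b""))


def demo():
    """Lock a file with the static key, then recover the key and the file."""
    original = build_sample_png()
    locked = xor_repeating(original, STATIC_KEY)
    key = recover_key(locked, PNG_KNOWN_PREFIX)
    restored = decrypt_and_verify(locked, key, b"\x89PNG")
    return key, restored == original


if __name__ == "__main__":
    recovered, ok = demo()
    print("recovered key:", recovered, "file restored:", ok)
```

Because the key is the same for every victim, the recovery step runs once; the same key then unlocks any other victim's files, and a verified magic number (PNG, JPEG, ZIP, Office) on each decrypted file is the practitioner's check that the right key was used. If the only known file has a header shorter than twice the key length, `recover_key` refuses to guess, and a second known file, or a longer known structure such as a ZIP local-file header, is needed.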

Putting Names to the Rest of the UNNAMED1989 Ransomware's Dangers

Even though most of its payload is primitive from the point of view of the average coder, the UNNAMED1989 Ransomware is a likely threat to any media files on a Windows system. The UNNAMED1989 Ransomware carries one other characteristic worth noting: a feature for collecting account logins for online services popular with Chinese users, such as Alipay, Baidu Cloud and Jingdong. Malware analysts suspect that this feature is part of the UNNAMED1989 Ransomware's distribution model for compromising future victims.

Most AV vendors have provided threat database updates specific to the UNNAMED1989 Ransomware that let their security solutions detect and block it automatically. Despite these steps, the UNNAMED1989 Ransomware's success as a distribution campaign is due to users not installing appropriate security programs for their versions of Windows, along with launching unofficial QQ-management software without scanning it for threats beforehand. While any credible anti-malware product should eliminate the UNNAMED1989 Ransomware, users who don't do so preemptively may still retrieve any encrypted media with decryptors from companies such as Tencent, Huorong and Qihoo.

The UNNAMED1989 Ransomware is the very definition of a threat that profits from careless and unsafe behavior by PC users. It also is a classic case of a file-locker Trojan that lies freely, both about its identity and about its attacks, whenever convenient, which shows the practical problem with taking its ransom demands at their word.
