UNNAM3D Ransomware Locks Files in Protected Archives, Demands Gift Cards

by chebbi abir

A new ransomware called Unnam3d R@nsomware is being distributed via email that will move a victim’s files into password protected RAR archives.  The ransomware then demands a $50 Amazon gift card code in order to get the archive password.

BleepingComputer became alerted to the ransomware after a victim submitted it to our site and asked for help.  While the user stated that they received ransomware via email, they did not provide a sample of the email they received.

When executed, the ransomware will extract a bundled WinRar.exe executable to the %Temp% folder and execute the %Temp%\WinRar.exe -m -r -p[password] [directory] command in order to move files in the specified directory to a password protected archive.

During this process, the ransomware will move the files under the Documents, Pictures, and Desktop folder into their own individual RAR archives.[….]

The ransomware screen tells the victim that they need to purchase a $50 Amazon gift certificate and then contact the ransomware developer named Unname3d on Discord. Supposedly, once a victim supplied the gift card code, the developer will provide the archive password so that they can recover their files.

The full text of the screen is below:

All your personal files have been locked and you need to pay a ransom to get them back. You will have 24 hours to pay nor the password will be deleted of our servers making it impossible to get your files back.

You will need to send an message to the below discord with  a $50 amazon giftcard code. Then you will shortley get an message back with  a password to unlock your files.

The good news is that there may be a way to get your files back for free, so if you become infected please leave a comment here or contact us via private message and we will see what we can do to help.

To read the original article:



Interdit de copier  ce contenu