UNNAM3D Ransomware uses WinRAR For Encryption

A campaign distributing the Unnam3d R@nsomware file-encrypting malware has been documented by researchers at the BleepingComputer portal. The malware uses the WinRAR utility to move the victim's files into password-protected archives and demands a $50 Amazon gift card to recover them. Security experts say the data can be recovered without paying the ransom.

According to the publication's journalists, the new ransomware is distributed via spam posing as a notification that Adobe Flash Player needs updating. Once on the target computer, the malware copies the WinRAR executable to the %Temp% directory and moves files from the Documents, Images and Desktop folders into individual password-protected archives.
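As an added defensive illustration (not from the article or from BleepingComputer), the following Python scores constructed process-creation events for the pattern just described: a WinRAR binary running from a Temp directory, archiving user folders with a password and deleting the originals. The binary names, Temp paths, target folders, sample command lines and alert threshold are assumptions of this example; `-p`/`-hp` (password, header encryption), `-df` (delete after archiving) and the `m` (move) command are RAR's own command-line switches.

```python
import re
from pathlib import PureWindowsPath

# Heuristic indicators (assumptions of this example, not taken from the article):
# archiver names, Temp locations an archiver should not normally run from, RAR
# switches for a password and for deleting originals, and the targeted folders
# (Pictures being the Windows name of the Images folder).
ARCHIVER_NAMES = {"rar.exe", "winrar.exe"}
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")
USER_FOLDERS = ("\\documents\\", "\\pictures\\", "\\desktop\\")
PASSWORD_SWITCH = re.compile(r"(?:^|\s)-(?:hp|p)\S*", re.IGNORECASE)
DELETE_AFTER = re.compile(r"(?:^|\s)-df(?=\s|$)", re.IGNORECASE)
COMMAND_LETTER = re.compile(r'^(?:"[^"]*"|\S+)\s+([am])(?=\s)', re.IGNORECASE)

def score_event(event):
    """Score one process-creation event ({'image': ..., 'command_line': ...})."""
    reasons = []
    image = PureWindowsPath(event["image"])
    if image.name.lower() not in ARCHIVER_NAMES:
        return 0, reasons  # not an archiver: nothing to evaluate
    if any(m in str(image.parent).lower() + "\\" for m in TEMP_MARKERS):
        reasons.append("archiver running from a Temp directory")
    cmd = event["command_line"]
    if PASSWORD_SWITCH.search(cmd):
        reasons.append("password or header-encryption switch (-p/-hp)")
    letter = COMMAND_LETTER.match(cmd)
    if (letter and letter.group(1).lower() == "m") or DELETE_AFTER.search(cmd):
        reasons.append("originals deleted after archiving (m command or -df)")
    if any(folder in cmd.lower() for folder in USER_FOLDERS):
        reasons.append("archives user data folders")
    return len(reasons), reasons

def triage(events, threshold=3):
    """Return (event, score, reasons) for events reaching the alert threshold."""
    hits = []
    for event in events:
        score, reasons = score_event(event)
        if score >= threshold:
            hits.append((event, score, reasons))
    return hits

# Constructed sample telemetry: a legitimate interactive archive, the article's
# pattern (WinRAR copied to %Temp%, user files moved into an encrypted archive).
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files\WinRAR\WinRAR.exe",
     "command_line": r'"C:\Program Files\WinRAR\WinRAR.exe" a report.rar C:\Users\alice\Documents\report.docx'},
    {"image": r"C:\Users\alice\AppData\Local\Temp\WinRAR.exe",
     "command_line": r'"C:\Users\alice\AppData\Local\Temp\WinRAR.exe" a -hpSAMPLE_PASSWORD -df C:\Users\alice\AppData\Local\Temp\Documents.rar "C:\Users\alice\Documents\*"'},
    {"image": r"C:\Windows\System32\notepad.exe", "command_line": "notepad.exe notes.txt"},
]
```

Calling `triage(SAMPLE_EVENTS)` flags only the second event; the legitimate archive from the install directory scores 1 and stays below the threshold.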

Once archiving finishes, a ransom note appears on the screen. The criminal offers to be contacted via the Discord messenger and demands a $50 Amazon gift card code as payment. After corresponding with the malware's author, the experts learned that he does not intend to use the gift cards himself but plans to resell them.

In an interview with the journalists, the attacker said that in this campaign he sent out about 30,000 emails carrying the payload over three days. It also emerged that the creator of Unnam3d R@nsomware had been involved in developing DDoS tools, a clipboard-stealing application and other malicious software.

According to the explanation on the WinRAR developer's website, archives do not store the password; it is used as an input to the compression and encryption algorithm. No recovery technique other than a brute-force attack is therefore effective. Fortunately, utilities for recovering the passwords of such archives are available online, so victims of Unnam3d R@nsomware can get their data back without paying the ransom.

In February 2018, a 19-year-old vulnerability was found in WinRAR that allowed files of a certain format to be unpacked into an arbitrary directory without the user's knowledge. Attackers immediately took advantage of it: the JNEC.a malware distributed with its help encrypted victims' data and demanded 0.05 Bitcoin to restore it. Unfortunately, the malware's authors made a mistake in the code that made recovery of the files impossible.

About Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

