UNNAM3D Ransomware uses WinRar For Encryption

According to journalists of the publication, the new extortionate software is distributed through spam, imitating the notification of the need to update the Adobe Flash Player. Once on the target computer, the malware copies the WinRAR executable file to the% Temp% directory and moves files from the Documents, Images, and Desktop folders to individual password-protected archives.

After the end of archiving, a message appears on the screen requesting redemption. The cybercriminal offers to contact him using the Discord messenger and, as a ransom, send a $50 gift card code for purchases in the Amazon online store. Having entered into correspondence with the author of the malware, experts found out that he does not plan to use certificates and is going to resell them.

In an interview with journalists, the attacker said that within the framework of this campaign, he sent out about 30,000 letters with a payload in three days. As it turned out, the creator of Unnam3d R@nsomware was also involved in the development of programs for DDoS attacks, an application for intercepting data from the clipboard and other malicious software.

According to the explanation on the developer’s website, WinRAR archives do not store passwords, but use them as one of the variables of the file compression and encryption algorithm. Therefore, for their recovery are ineffective any methods of hacking, except for brute force attacks. Fortunately, you can find utilities on the Internet to find passwords for such archives, so victims of Unnam3d R@nsomware can return their data without paying a ransom.