- Dubbed as ‘UNNAM3D’, the ransomware archives users’ files found under Desktop, Documents, and Pictures in individual RAR archives.
- After infecting systems, UNNAM3D then asks victims’ to purchase $50 Amazon gift cards and send it to the malware developer on Discord.
A strange gift-card seeking ransomware has surfaced in the online space. It is reported that the ransomware which is known as UNNAM3D relies on a WinRAR executable program to archive user files found in the infected system. A victim submitted an attack instance to BleepingComputer which provided details about the ransomware.
How does it work?
- The WinRAR executable is extracted into the user’s ‘%Temp%’ folder. A command ‘%Temp%\WinRar.exe -m -r -p[password] [directory]’ gets executed in order to archive files with password protection.
- Files from folders such as Documents, Pictures, and Desktop are encrypted in individual RAR archives.
- After this, the ransomware presents a message which demands a ransom to be paid in the form of Amazon gift cards.
- The developer of UNNAM3D would provide the archive password once the gift cards are delivered to his account.
The big picture
BleepingComputer contacted the developer of the ransomware regarding its proliferation. In a conversation with BleepingComputer, the ransomware developer, who goes by the alias Unnam3d, stated that “they started their email campaign three days ago and have sent it to approximately 30 thousand people.”
“This email campaign pretends to be an email from Adobe stating that the recipient’s Adobe Flash Player is outdated and needs to be updated. These emails then contain a link to a fake Adobe Flash Player Update that installs the ransomware,” the ransomware developer added.
It was also discovered that the developer possessed other tools such as VNC hackers in his arsenal to launch different attacks.