Ethical hacking training specialists from the International Institute of Cyber Security (IICS) report the finding of a new variant of ransomware called Unnam3d; according to the reports, this malware moves the victim’s files to protected RAR files and, as a characteristic feature, the operators demand Amazon gift cards as a ransom.
The malware was first detected after a user
uploaded an infected file sample to the Crypto Sheriff platform looking for a
tool to recover their lost files.
According to the ethical hacking training
experts, the ransomware is mainly deployed via email. Once in the victim
system, the malicious software extracts an executable WinRar.exe in the %TEMP%
folder; subsequently, a command is executed to move the victim’s files stored
in folders as Images, Documents, Desktop, etc., to a specific directory in the
form of password-protected files.
Finally, the victims are shown the ransom note
requiring them to send a $50 USD Amazon
gift card in exchange for receiving the password of the protected file.
Ethical hacking training specialists believe
that Unnam3d developers have been operating this campaign of attacks since the
last days of March, managing to send the malware to about 300k email addresses.
According to reports, Unnam3d is hidden in so-called Adobe messages that ask
the user to update their Flash Player; clicking the “Update” button
triggers the download and execution of the ransomware.
This is not the first case that malicious
software requires sending gift cards in exchange for releasing encrypted files.
In 2017, cybersecurity experts detected an attack campaign dedicated to
blocking access to Mobile Safari until victims sent iTunes gift cards. Also,
this is not the first time that malicious software is impersonating a
legitimate software update, such as Adobe; these fake Adobe updates have also
been used by cryptojacking campaign operators.
