Unnam3d, the ransomware that demands Amazon gift cards


Ethical hacking training specialists from the International Institute of Cyber Security (IICS) report the discovery of a new ransomware variant called Unnam3d. According to the reports, this malware moves the victim’s files into protected RAR files and, as a characteristic feature, its operators demand Amazon gift cards as ransom.

The malware was first detected after a user uploaded an infected file sample to the Crypto Sheriff platform looking for a tool to recover their lost files.

According to the ethical hacking training experts, the ransomware is mainly deployed via email. Once on the victim’s system, the malicious software extracts an executable, WinRar.exe, into the %TEMP% folder; a command is then executed to move the victim’s files stored in folders such as Images, Documents and Desktop to a specific directory in the form of password-protected files.

Finally, the victims are shown a ransom note requiring them to send a $50 USD Amazon gift card in exchange for the password to the protected file.
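The behaviour described above (an archiver dropped in %TEMP%, then a command that moves user folders into password-protected files) can be turned into a process-creation detection heuristic. The following is an added example, not code from the article or from IICS: the report does not give the exact command line, so the events are constructed, the switches checked (`m`, `-p`, `-hp`, `-df`) are standard WinRAR command-line options, and the function names and threshold are hypothetical.

```python
import re
import shlex
from ntpath import basename  # parses Windows paths on any OS

# Constructed process-creation events (image path, command line), not real telemetry.
SAMPLE_EVENTS = [
    (r"C:\Users\amy\AppData\Local\Temp\WinRar.exe",
     r"WinRar.exe m -hpEXAMPLE -r C:\Users\amy\locked\Documents.rar C:\Users\amy\Documents"),
    (r"C:\Program Files\WinRAR\WinRAR.exe",
     r'"C:\Program Files\WinRAR\WinRAR.exe" x C:\Users\amy\Downloads\photos.rar'),
    (r"C:\Users\amy\AppData\Local\Temp\WinRar.exe",
     r"WinRar.exe a -pEXAMPLE -df backup.rar C:\Users\amy\Desktop"),
    (r"C:\Program Files\WinRAR\Rar.exe",
     r"Rar.exe a -r D:\backup\site.rar D:\www"),
]

TEMP_DIR = re.compile(r"\\(appdata\\local\\temp|windows\\temp)\\", re.I)
USER_DIR = re.compile(r"\\users\\[^\\]+\\(documents|desktop|pictures|images)\b", re.I)
PASSWORD = re.compile(r"-h?p[^-]", re.I)  # WinRAR -p<pwd> / -hp<pwd>

def indicators(image, cmdline):
    """Return the reasons an event resembles the behaviour described in the article."""
    if basename(image).lower() not in ("winrar.exe", "rar.exe"):
        return []
    tokens = shlex.split(cmdline, posix=False)  # non-POSIX mode keeps backslashes intact
    command = tokens[1].lower() if len(tokens) > 1 else ""
    switches = [t.lower() for t in tokens[2:] if t.startswith("-")]
    hits = []
    if TEMP_DIR.search(image):
        hits.append("archiver runs from a temp directory")
    if any(PASSWORD.match(s) for s in switches):
        hits.append("archive password given on the command line")
    if command in ("m", "mf") or (command == "a" and "-df" in switches):
        hits.append("source files are removed after archiving")
    if USER_DIR.search(cmdline):
        hits.append("targets a user profile folder")
    return hits

def is_suspicious(image, cmdline, threshold=3):
    # Assumed threshold: any three of the four indicators together.
    return len(indicators(image, cmdline)) >= threshold

if __name__ == "__main__":
    for image, cmdline in SAMPLE_EVENTS:
        print(is_suspicious(image, cmdline), basename(image), indicators(image, cmdline))
```

Requiring several indicators together keeps ordinary WinRAR use, such as extracting a download or a scheduled backup, from triggering the rule.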

Ethical hacking training specialists believe that Unnam3d developers have been operating this attack campaign since the last days of March, managing to send the malware to about 300k email addresses. According to reports, Unnam3d is hidden in messages posing as Adobe notices that ask the user to update their Flash Player; clicking the “Update” button triggers the download and execution of the ransomware.

This is not the first case in which malicious software has demanded gift cards in exchange for releasing encrypted files. In 2017, cybersecurity experts detected an attack campaign that blocked access to Mobile Safari until victims sent iTunes gift cards. Nor is this the first time that malicious software has impersonated a legitimate software update, such as Adobe’s; these fake Adobe updates have also been used by cryptojacking campaign operators.