UNNAM3D Ransomware Locks Files in Protected Archives, Demands Gift Cards (Mar 28, 2019)
BleepingComputer became aware of a new ransomware called "Unnam3d R@nsomware" that encrypts a user's files into a password-protected RAR archive file and demands a $50 USD Amazon gift card code to decrypt the files. The ransomware is distributed via fake Adobe Flash Player update phishing emails, and once it gets onto a system it begins moving files in the Documents, Pictures, and Desktop folders of a drive into individual RAR archives. A ransom note then pops up stating that the user needs to purchase an Amazon gift card code before receiving their files back. According to the unknown threat actors, they request the gift card code so that they can then sell it to other customers.
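A behavioural check for the pattern described above (many files in Documents, Pictures, and Desktop replaced by individual RAR archives), as an added example that is not from BleepingComputer or the original briefing. The event tuple format, process names, time window and threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Folders the article names as targets (matched case-insensitively).
WATCHED = ("\\documents\\", "\\pictures\\", "\\desktop\\")

def flag_archive_and_remove(events, window=60.0, threshold=5):
    """events: (timestamp_s, process, op, path) tuples (hypothetical format).
    Flags a process that, within `window` seconds, both creates >= threshold
    .rar files and deletes >= threshold non-.rar files in watched folders."""
    per_proc = defaultdict(list)
    for ts, proc, op, path in events:
        p = path.lower()
        if not any(w in p for w in WATCHED):
            continue
        if op == "create" and p.endswith(".rar"):
            per_proc[proc].append((ts, "rar"))
        elif op == "delete" and not p.endswith(".rar"):
            per_proc[proc].append((ts, "del"))
    flagged = []
    for proc, hits in per_proc.items():
        hits.sort()
        start, counts = 0, {"rar": 0, "del": 0}
        for ts, kind in hits:
            counts[kind] += 1
            # Slide the window: drop hits older than `window` seconds.
            while ts - hits[start][0] > window:
                counts[hits[start][1]] -= 1
                start += 1
            if counts["rar"] >= threshold and counts["del"] >= threshold:
                flagged.append(proc)
                break
    return sorted(flagged)

def sample_events():
    """Constructed events: one bulk archiver, one normal user, one cleaner."""
    ev, folders = [], ["Documents", "Pictures", "Desktop"]
    for i in range(6):
        base = f"C:\\Users\\alice\\{folders[i % 3]}\\file{i}"
        ev.append((100.0 + 2 * i, "suspect.exe", "create", base + ".rar"))
        ev.append((100.5 + 2 * i, "suspect.exe", "delete", base + ".docx"))
    ev.append((50.0, "winrar.exe", "create",
               "C:\\Users\\alice\\Documents\\trip.rar"))
    for i in range(6):
        ev.append((200.0 + i, "cleaner.exe", "delete",
                   f"C:\\Users\\alice\\Desktop\\tmp{i}.tmp"))
    return ev

if __name__ == "__main__":
    print(flag_archive_and_remove(sample_events()))
```

Requiring both signals together keeps a user who makes a single archive, or a tool that only deletes temporary files, from being flagged.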
Recommendation: It is important that your company institute policies to educate your employees on phishing attacks, specifically how to identify such attacks and whom to contact if a phishing email is identified. Furthermore, maintain policies regarding what kinds of requests and information your employees can expect to receive from colleagues and management, to assist in identifying potentially malicious communications.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.