UNNAM3D ransomware (Virus Removal Guide) - Decryption Methods Included

by Olivia Morelli - - 2019-03-29 | Type: Ransomware

UNNAM3D virus Removal Guide

Description Quick solution Instructions Prevention

What is UNNAM3D ransomware?

UNNAM3D ransomware is cryptovirus that uses Amazon Gift Cards as a payment method for the password that can decipher the locked files

UNNAM3D ransomware UNNAM3D ransomware is a virus that archives files located in Pictures, Desktop and Documents folders and locks them with a password

UNNAM3D ransomware is a new string of crypto malware that was recently discovered in the wild. The virus is known to enter computers via spoofed hyperlinks embedded inside the phishing email that claims that recipient's that Adobe Flash Player is out of date. Soon after the infiltration, the threat looks up for files located in Desktop, Document and Pictures directory and compresses them into password-protected archives which use the .rar file extension. Malware then spawns a pop-up window titled Unnam3d – R@nsomware which explains to users what happened to their personal data. According to the author, victims have to buy Amazon Gift Card voucher worth $50 and link the code to the Discord user UNNAM3D#6666. Additionally, the threat actors threatens to delete the password after 24 hours of the infection. However, victims should not pay the ransom and rather focus on UNNAM3D ransomware removal and try alternative file decryption methods.

Name	UNNAM3D
Also known as	Unnam3d r@nsomware
Type	Crypto malware
Developer	Unname3d or Joshhh b (YouTube)
File extension	.rar
Related files	UNNAM3D – RANSM.exe, WinRar.exe
Encryption	The compressed archives are protected with passwords based on AES
Delivery method	Spam emails
Contact	Discord: UNNAM3D#6666
Decryptable?	No
Removal	Use security tools that can recognize the threat, such as Malwarebytes
Recovery	To fix virus damage, use FortectIntego

Once the fake Adobe Update file is opened, UNNAM3D ransomware extracts WinRar.exe file into the Temp folder and executes a command %Temp%\WinRar.exe -m -r -p[password] [directory]. This process compiles all the files and compresses them into pictures.rar, documents.rar, and desktop.rar. Users will not be able to open this data unless they get the password from the attacker.

The pop-up window Unnam3d – R@nsomware states the following:

-YOUR FILES HAVE BEEN LOCKED-

What Happened?

All your personal files have been locked and you need to pay a ransom to get them back. You will have 24 hours to pay nor the password will be deleted of our servers making it impossible to get your files back.

How do i pay?

You will need to send an message to the below discord with a $50 amazon giftcard code. Then you will shortley get an message back with a password to unlock your files.

An interesting fact is that ransomware author uses trackable payment method – Amazon Gift Card. However, the hacker claims that he/she will not use them but rather resell them to other users to get the money. Additionally, Unname3d has a YouTube channel where he/she goes by the name Joshhh b. In one of the videos, the attack is showing the detection rate of UNNAM3D ransomware on a site called Spyral Scanner.

Nevertheless, the detection rate of UNNAM3D virus on Vitus total currently is 33/68 under the following names:^[1]

Trojan.GenericKD.41152365
Ransom.Unnamed
W32.Ransom.Unnam3d
Malware@#1rr983zar3af3
Trojan:Win32/Bitrep.A
Trojan.PWS.Siggen2.10903, etc.

Despite that, the hacker is trying to sell the malicious application for $1,500 to anybody willing to buy it. It is surprising how open the attacker is, as usually ransomware authors do the illegal business on the Dark Web and not on YouTube.

While there is no known decryptor for the malware yet, there is a high chance that it will be developed soon. Additionally, all the files that were kept in dedicated folders remain untouched. Thus, do not buy the Gift Card and instead remove UNNAM3D ransomware using security software. After that, scan your device with FortectIntego to restore Windows operation back to normal.

UNNAM3D is file locking virus that damns to pay with a $50 worth of Amazon Gift card for file redemption

If you see Adobe Flash Update somewhere on the internet, beware it can be malware-related

Adobe Flash is notorious for its ever-growing number of security flaws.^[2] In general the software is outdated, and most modern browsers do not require the plugin to function normally. Additionally, the “Your Adobe Flash is out of date” trick is widely used across all platforms to install malware on users' computers.

In case you do use Flash, please be sure you have automatic updates set up. Alternatively, you can also patch the software by visiting the official website. Never believe any claims about of outdated plugin that come from within your browser and, especially, the email.

However, spam emails can contain any type of content, as hackers are using social engineering to make users click on a malicious link or extract the attached file that contains the malicious payload. Therefore, to avoid getting infected via the email, follow these tips by industry experts:^[3]

Most of the suspicious emails will end up in your Spam box, as built-in scanners contain the anti-phishing feature. Nevertheless, some malicious messages can slip through into your Inbox, so don't think it is completely safe;
When checking for phishing signs, carefully examine “From” address, as it is the biggest giveaway;
In the content, the author typically creates an urgency-filled situation, making the user believe that he or she has to open the attachment or click on the link as soon as possible;
The attackers often use similar email addresses to those legitimate ones, for example, management@mazoncanada.com (note the missing A in Amazon);
Scan all the attachments and links using tools like Virus Total.

Finally, employ a reputable security solution and keep it running at all times. Additionally, do not hesitate to create backups of your files – it is an ultimate savior when it comes to ransomware infections.

Terminate UNNAM3D r@nsomware from your device and do not pay $50 for the hacker

If you got infected with UNNAM3D virus, do not panic. As we already mentioned, the only locked files are located in your Pictures, Desktop and Documents folder. This feature was usually used by older crypto malware infections. However, victims can avoid such consequences if they simply keep their files elsewhere – and most do.

The first thing you should do is to take care of UNNAM3D ransomware removal. As long as the threat is present on your machine, it is not safe for work. Therefore, if you do not have a security application employed, download and install one. You should then run a full system scan. However, the virus might interfere with the operation of anti-malware software. In such a case, enter a secure environment where the functionality of the threat will be temporarily disabled – Safe Mode with Networking.

Once you remove UNNAM3D ransomware, you can then attempt to recover your data. If the virus failed to delete Shadow Volume Copies, you have a high chance you can restore all your personal files using third-party security software. You will find download links below.

Offer

do it now!

Download
Fortect Happiness
Guarantee Download
Intego Happiness
Guarantee

Compatible with Microsoft Windows Compatible with macOS

What to do if failed?
If you failed to fix virus damage using Fortect Intego, submit a question to our support team and provide as much details as possible.

Fortect Intego has a free limited scanner. Fortect Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.

Fortect review | Terms of Use | Privacy policy | Refund Policy | Uninstall guide

Alternative Software

Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Fortect, try running SpyHunter 5.

Download SpyHunter 5 Review »

Malwarebytes

Alternative Software

Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Download Combo Cleaner Review »

Getting rid of UNNAM3D virus. Follow these steps

Manual removal using Safe Mode

You can enter Safe Mode with Networking if UNNAM3D ransomware is tampering with removal tools:

Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.

Step 1. Access Safe Mode with Networking

Manual malware removal should be best performed in the Safe Mode environment.

Windows 7 / Vista / XP

Click Start > Shutdown > Restart > OK.
When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
Select Safe Mode with Networking from the list.

Windows 10 / Windows 8

Right-click on Start button and select Settings.
Scroll down to pick Update & Security.
On the left side of the window, pick Recovery.
Now scroll down to find Advanced Startup section.
Click Restart now.
Select Troubleshoot.
Go to Advanced options.
Select Startup Settings.
Press Restart.
Now press 5 or click 5) Enable Safe Mode with Networking.

Step 2. Shut down suspicious processes

Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:

Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
Click on More details.
Scroll down to Background processes section, and look for anything suspicious.
Right-click and select Open file location.
Go back to the process, right-click and pick End Task.
Delete the contents of the malicious folder.

Step 3. Check program Startup

Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
Go to Startup tab.
Right-click on the suspicious program and pick Disable.

Step 4. Delete virus files

Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:

Type in Disk Cleanup in Windows search and press Enter.
Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
Scroll through the Files to delete list and select the following:

Temporary Internet Files
Downloads
Recycle Bin
Temporary files
Pick Clean up system files.
You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):

%AppData%
%LocalAppData%
%ProgramData%
%WinDir%

After you are finished, reboot the PC in normal mode.

Remove UNNAM3D using System Restore

System Restore can also be used for UNNAM3D r@nsomware removal:

Step 1: Reboot your computer to Safe Mode with Command Prompt
Windows 7 / Vista / XP
1. Click Start → Shutdown → Restart → OK.
2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
3. Select Command Prompt from the list
Windows 10 / Windows 8
1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window.
Step 2: Restore your system files and settings
1. Once the Command Prompt window shows up, enter cd restore and click Enter.
2. Now type rstrui.exe and press Enter again..
3. When a new window shows up, click Next and select your restore point that is prior the infiltration of UNNAM3D. After doing that, click Next.
4. Now click Yes to start system restore.
Once you restore your system to a previous date, download and scan your computer with FortectIntego and make sure that UNNAM3D removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove UNNAM3D from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

If your files are encrypted by UNNAM3D, you can use several methods to restore them:

Recover your data

Try to recover your files using Data Recovery Pro

Data Recovery Pro is professional recovery software that might be able to help you recover .rar files.

Download Data Recovery Pro;
Follow the steps of Data Recovery Setup and install the program on your computer;
Launch it and scan your computer for files encrypted by UNNAM3D ransomware;
Restore them.

Make use of Windows Previous Versions Feature

If you had System Restore enabled, Windows Previous Versions Feature might help you recover individual files.

Find an encrypted file you need to restore and right-click on it;
Select “Properties” and go to “Previous versions” tab;
Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

ShadowExplorer might be the answer

In case the virus failed to remove Shadow Volume Copies, you will be able to restore files using ShadowExplorer.

Download Shadow Explorer (http://shadowexplorer.com/);
Follow a Shadow Explorer Setup Wizard and install this application on your computer;
Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

No decryption tool is currently available

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from UNNAM3D and other ransomwares, use a reputable anti-spyware, such as FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes

How to prevent from getting ransomware

Stream videos without limitations, no matter where you are

There are multiple parties that could find out almost anything about you by checking your online activity. While this is highly unlikely, advertisers and tech companies are constantly tracking you online. The first step to privacy should be a secure browser that focuses on tracker reduction to a minimum.

Even if you employ a secure browser, you will not be able to access websites that are restricted due to local government laws or other reasons. In other words, you may not be able to stream Disney+ or US-based Netflix in some countries. To bypass these restrictions, you can employ a powerful Private Internet Access VPN, which provides dedicated servers for torrenting and streaming, not slowing you down in the process.

Data backups are important – recover your lost files

Ransomware is one of the biggest threats to personal data. Once it is executed on a machine, it launches a sophisticated encryption algorithm that locks all your files, although it does not destroy them. The most common misconception is that anti-malware software can return files to their previous states. This is not true, however, and data remains locked after the malicious payload is deleted.

While regular data backups are the only secure method to recover your files after a ransomware attack, tools such as Data Recovery Pro can also be effective and restore at least some of your lost data.

About the author

Olivia Morelli - Ransomware analyst

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Olivia Morelli
About the company Esolutions

References

^ UNNAM3D - RANSM.exe. Virus Total. URL and file analyzer.
^ Multiple Vulnerabilities in Adobe Flash Player Could Allow for Arbitrary Code Execution (APSB18-24). CIS. Center for Internet Security.
^ Virusai. Virusai. Security researchers.