Skip to content
  • Active
  • Severity: High
  • Ransomware
  • Windows
  • Verified · Jun 2020

How to remove UNNAM3D ransomware

A step-by-step removal guide for affected devices. Follow the verified procedure below — most readers complete it in under 10 minutes.

Olivia Morelli · Ransomware analyst

UNNAM3D ransomware is cryptovirus that uses Amazon Gift Cards as a payment method for the password that can decipher the locked files

UNNAM3D ransomware

UNNAM3D ransomware is a new string of crypto malware that was recently discovered in the wild. The virus is known to enter computers via spoofed hyperlinks embedded inside the phishing email that claims that recipient's that Adobe Flash Player is out of date. Soon after the infiltration, the threat looks up for files located in Desktop, Document and Pictures directory and compresses them into password-protected archives which use the .rar file extension. Malware then spawns a pop-up window titled Unnam3d – R@nsomware which explains to users what happened to their personal data. According to the author, victims have to buy Amazon Gift Card voucher worth $50 and link the code to the Discord user UNNAM3D#6666. Additionally, the threat actors threatens to delete the password after 24 hours of the infection. However, victims should not pay the ransom and rather focus on UNNAM3D ransomware removal and try alternative file decryption methods.

Name UNNAM3D
Also known as Unnam3d r@nsomware
Type Crypto malware
Developer Unname3d or Joshhh b (YouTube)
File extension .rar
Related files UNNAM3D – RANSM.exe, WinRar.exe
Encryption The compressed archives are protected with passwords based on AES
Delivery method Spam emails
Contact Discord: UNNAM3D#6666
Decryptable? No
Removal Use security tools that can recognize the threat, such as MalwarebytesMalwarebytes
Recovery To fix virus damage, use FortectIntego

Once the fake Adobe Update file is opened, UNNAM3D ransomware extracts WinRar.exe file into the Temp folder and executes a command %Temp%\WinRar.exe -m -r -p[password] [directory]. This process compiles all the files and compresses them into pictures.rar, documents.rar, and desktop.rar. Users will not be able to open this data unless they get the password from the attacker.

The pop-up window Unnam3d – R@nsomware states the following:

-YOUR FILES HAVE BEEN LOCKED-

What Happened?

All your personal files have been locked and you need to pay a ransom to get them back. You will have 24 hours to pay nor the password will be deleted of our servers making it impossible to get your files back.

How do i pay?

You will need to send an message to the below discord with a $50 amazon giftcard code. Then you will shortley get an message back with a password to unlock your files.

An interesting fact is that ransomware author uses trackable payment method – Amazon Gift Card. However, the hacker claims that he/she will not use them but rather resell them to other users to get the money. Additionally, Unname3d has a YouTube channel where he/she goes by the name Joshhh b. In one of the videos, the attack is showing the detection rate of UNNAM3D ransomware on a site called Spyral Scanner. 

Nevertheless, the detection rate of UNNAM3D virus on Vitus total currently is 33/68 under the following names:[1]

  • Trojan.GenericKD.41152365
  • Ransom.Unnamed
  • W32.Ransom.Unnam3d
  • Malware@#1rr983zar3af3
  • Trojan:Win32/Bitrep.A
  • Trojan.PWS.Siggen2.10903, etc.

Despite that, the hacker is trying to sell the malicious application for $1,500 to anybody willing to buy it. It is surprising how open the attacker is, as usually ransomware authors do the illegal business on the Dark Web and not on YouTube.

While there is no known decryptor for the malware yet, there is a high chance that it will be developed soon. Additionally, all the files that were kept in dedicated folders remain untouched. Thus, do not buy the Gift Card and instead remove UNNAM3D ransomware using security software. After that, scan your device with FortectIntego to restore Windows operation back to normal.

UNNAM3D r@ansomware virus

If you see Adobe Flash Update somewhere on the internet, beware it can be malware-related

Adobe Flash is notorious for its ever-growing number of security flaws.[2] In general the software is outdated, and most modern browsers do not require the plugin to function normally. Additionally, the “Your Adobe Flash is out of date” trick is widely used across all platforms to install malware on users' computers.

In case you do use Flash, please be sure you have automatic updates set up. Alternatively, you can also patch the software by visiting the official website. Never believe any claims about of outdated plugin that come from within your browser and, especially, the email.

However, spam emails can contain any type of content, as hackers are using social engineering to make users click on a malicious link or extract the attached file that contains the malicious payload. Therefore, to avoid getting infected via the email, follow these tips by industry experts:[3]

  • Most of the suspicious emails will end up in your Spam box, as built-in scanners contain the anti-phishing feature. Nevertheless, some malicious messages can slip through into your Inbox, so don't think it is completely safe;
  • When checking for phishing signs, carefully examine “From” address, as it is the biggest giveaway;
  • In the content, the author typically creates an urgency-filled situation, making the user believe that he or she has to open the attachment or click on the link as soon as possible;
  • The attackers often use similar email addresses to those legitimate ones, for example, management@mazoncanada.com (note the missing A in Amazon);
  • Scan all the attachments and links using tools like Virus Total.

Finally, employ a reputable security solution and keep it running at all times. Additionally, do not hesitate to create backups of your files – it is an ultimate savior when it comes to ransomware infections.

Terminate UNNAM3D r@nsomware from your device and do not pay $50 for the hacker

If you got infected with UNNAM3D virus, do not panic. As we already mentioned, the only locked files are located in your Pictures, Desktop and Documents folder. This feature was usually used by older crypto malware infections. However, victims can avoid such consequences if they simply keep their files elsewhere – and most do.

The first thing you should do is to take care of UNNAM3D ransomware removal. As long as the threat is present on your machine, it is not safe for work. Therefore, if you do not have a security application employed, download and install one. You should then run a full system scan. However, the virus might interfere with the operation of anti-malware software. In such a case, enter a secure environment where the functionality of the threat will be temporarily disabled – Safe Mode with Networking.

Once you remove UNNAM3D ransomware, you can then attempt to recover your data. If the virus failed to delete Shadow Volume Copies, you have a high chance you can restore all your personal files using third-party security software. You will find download links below.

Be the first to comment

Spyware news
Privacy preferences

We use cookies to improve your experience and analyze traffic. Some cookies enable embedded content like videos and social posts. Choose what you allow — you can change this anytime.