UNNAMED1989 Ransomware

UNNAMED1989 Ransomware Description

The UNNAMED1989 Ransomware is an encryption ransomware Trojan that was first observed carrying out attacks on December 1, 2018. It has been responsible for numerous attacks on computer users in China. According to reports from security analysts, the UNNAMED1989 Ransomware has infected more than one hundred thousand devices, a reach that is due to the distribution methods used to deliver it to its targets. The UNNAMED1989 Ransomware is delivered mainly by being integrated into a free application used to manage multiple accounts on QQ, a popular messaging service in China used by both individual computer users and businesses.

Why the UNNAMED1989 Ransomware Attacks a Computer

The UNNAMED1989 Ransomware carries out a typical encryption ransomware attack, using a strong encryption algorithm to make the victim's files inaccessible. It runs in the background and encrypts user-generated files, such as files with the following extensions:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

Apart from encrypting the victim's files, the UNNAMED1989 Ransomware also scans the infected computer for login information for popular online services used in China, such as Tmall, Aliwangwang, Alipay, 163 Mailbox, Baidu Cloud, Jingdong and QQ. The scale of the UNNAMED1989 Ransomware attack has led to it receiving quite a bit of attention.

How the Criminals Make Money from Threats Like the UNNAMED1989 Ransomware

The criminals responsible for the UNNAMED1989 Ransomware attack demand a ransom payment of 110 Yuan ($16) for recovery from the attack. Apart from the payments from infected computer users, the criminals also make money by selling compromised accounts and login data to third parties willing to pay for compromised user accounts that can then be used in other tactics. The UNNAMED1989 Ransomware demands its payment through the WeChat payment system, which has led to it occasionally being referred to as the 'WeChat Ransomware'.

Protecting Your Data from the UNNAMED1989 Ransomware

Fortunately, victims of the UNNAMED1989 Ransomware attack can currently decrypt the compromised data. This is possible because the UNNAMED1989 Ransomware uses a poorly implemented XOR encryption and its authors left the decryption key embedded in the UNNAMED1989 Ransomware's program code, which allowed PC security researchers to release decryption programs to help victims recover their data. However, since it is unusual to be able to recover from these attacks, prevention is crucial. Having file backups and a good security program is the most effective way to keep your data safe from threats like the UNNAMED1989 Ransomware.
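
Why a fixed XOR key makes recovery possible can be shown with a generic repeating-key XOR. This is an added example, not code from the UNNAMED1989 Ransomware or from the researchers' decryption programs; the key, the sample files and the assumption that the key repeats are constructed for illustration.

```python
from itertools import cycle

# First 16 bytes of every PNG: 8-byte signature, IHDR length (13), "IHDR".
PNG_PREFIX = bytes.fromhex("89504e470d0a1a0a0000000d") + b"IHDR"

def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def shortest_period(stream: bytes) -> int:
    """Smallest p for which stream[i] == stream[i % p] at every position."""
    for p in range(1, len(stream)):
        if all(stream[i] == stream[i % p] for i in range(len(stream))):
            return p
    return len(stream)

def recover_key(ciphertext: bytes, known_prefix: bytes) -> bytes:
    """Recover the key from a file whose first bytes are predictable.

    ciphertext XOR plaintext = keystream. The result is dependable when the
    known prefix spans at least two repetitions of the key; with a shorter
    prefix it may yield only a fragment of the keystream.
    """
    stream = bytes(c ^ p for c, p in zip(ciphertext, known_prefix))
    return stream[:shortest_period(stream)]

# --- constructed sample data, not taken from any real sample ---
DEMO_KEY = b"K3y!x"                              # hypothetical 5-byte key
SAMPLE_PNG = PNG_PREFIX + bytes(range(48))       # stand-in image body
SAMPLE_DOC = b"Quarterly report, draft 2\n" * 3  # unrelated second file

def demo():
    enc_png = xor_bytes(SAMPLE_PNG, DEMO_KEY)
    enc_doc = xor_bytes(SAMPLE_DOC, DEMO_KEY)
    key = recover_key(enc_png, PNG_PREFIX)       # only the file header is needed
    return key, xor_bytes(enc_doc, key)          # the same key opens every file

if __name__ == "__main__":
    key, doc = demo()
    print("recovered key:", key)
    print("second file restored:", doc == SAMPLE_DOC)
```

One encrypted file with a predictable header is enough to restore every other file encrypted under the same key, which is why a key shipped inside the program offers no lasting protection to the attacker.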