
'.UNIT09 File Extension' Ransomware

Posted: January 29, 2019

The '.UNIT09 File Extension' Ransomware is a file-wiping Trojan that pretends to lock your files temporarily with encryption. In reality, its attacks overwrite the data and make any documents or similar content irretrievable. Users should keep backups to protect their work and use anti-malware protection to remove the '.UNIT09 File Extension' Ransomware or, preferably, to block would-be infections.

Welcome to the Data-Thrashing 'Unit 109' Project

A threat actor is launching attacks with a new Trojan that imitates a file-locking threat, but only for the sake of collecting its ransom. Instead of performing an encryption-based conversion of the victim's files for later retrieval, the '.UNIT09 File Extension' Ransomware effectively destroys them. Although malware experts haven't yet traced its infection strategies, it appears likely to be in the wild already and harming media indiscriminately.

The '.UNIT09 File Extension' Ransomware's executable refers to itself with the title of 'MewWare,' even though this campaign lacks a tangible connection with the so-called 'Android Mew-Ware' attacks back in 2016. Users running this tiny (less than ten kilobytes) Windows file expose their files to what the '.UNIT09 File Extension' Ransomware's internal code calls its 'encryption' function. However, the '.UNIT09 File Extension' Ransomware doesn't lock the files safely, like Hidden Tear or the Scarab Ransomware; instead, it overwrites them with random strings.

Malware experts are finding relatively few restrictions on the formats and directories that the '.UNIT09 File Extension' Ransomware might damage, although there are no examples, so far, of it harming Windows directly. When it finishes, the '.UNIT09 File Extension' Ransomware creates a Read Me TXT file referencing itself as the 'Unit 109 project' and asks for Bitcoins to be sent to its wallet within three days. Little does the victim know that even the threat actor can't decrypt and restore any files that the '.UNIT09 File Extension' Ransomware harms.
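For responders taking stock after an incident, the sketch below inventories files carrying the '.UNIT09' extension and checks whether each one still begins with the signature of its original format, which separates files that were only renamed from files whose contents were overwritten. It is an added example, not code from this article or from the Trojan; it assumes the extension is appended to the original file name (e.g. `report.pdf.UNIT09`), and the sample files are constructed.

```python
import os
import tempfile
from pathlib import Path

MARKER_EXT = ".UNIT09"  # extension named in this article

# Leading signatures of a few common formats (general file-format knowledge).
MAGIC = {
    ".pdf": b"%PDF",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".zip": b"PK\x03\x04",
    ".docx": b"PK\x03\x04",
    ".xlsx": b"PK\x03\x04",
}

def classify(path: Path) -> str:
    """Return 'header-intact', 'header-destroyed' or 'unknown-type'."""
    # Assumption: the original extension sits before the marker,
    # so report.pdf.UNIT09 -> ".pdf".
    original_ext = Path(path.stem).suffix.lower()
    magic = MAGIC.get(original_ext)
    if magic is None:
        return "unknown-type"
    with open(path, "rb") as fh:
        head = fh.read(len(magic))
    # An intact header only proves the first bytes survived, not the whole file.
    return "header-intact" if head == magic else "header-destroyed"

def triage(root) -> dict:
    """Map every marked file under root (relative path) to its classification."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(MARKER_EXT.lower()):
                p = Path(dirpath) / name
                results[str(p.relative_to(root))] = classify(p)
    return results

if __name__ == "__main__":
    # Constructed sample tree: one renamed-only file, one overwritten, one untouched.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "a.pdf.UNIT09").write_bytes(b"%PDF-1.7\nsample")
        (root / "b.png.UNIT09").write_bytes(b"qZ81kfP0xx3nRandomLookingText")
        (root / "c.txt").write_bytes(b"untouched")
        for rel, verdict in sorted(triage(root).items()):
            print(f"{verdict:17} {rel}")
```

Files reported as `header-destroyed` are the ones to restore from backup; run the check against a forensic copy rather than the live disk.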

Escaping a Ransom that Leaves no Safe Exit

The '.UNIT09 File Extension' Ransomware's campaign may be targeting specific business employees or other victims, as some of the details in its ransom note suggest. Business sector-based campaigns for extorting money after sabotaging data make particularly heavy use of brute-force attacks and spam e-mails, although other infection vectors are far from unknown. Scanning e-mail downloads before opening them, leaving scripts and macros disabled, and using secure logins are some of the defenses that malware experts recommend for all network admins.

No payments have been made to the '.UNIT09 File Extension' Ransomware's wallet as of January 29th. Because decryption is impossible, only users with backups can guarantee that their files are recoverable after an attack. As usual, your default anti-malware solutions should serve for uninstalling the '.UNIT09 File Extension' Ransomware or detecting it in advance.

The price that the '.UNIT09 File Extension' Ransomware asks for is relatively affordable, but paying it is fruitless. Paying a criminal for attacking your computer is an investment that, in attacks like this one, doesn't return any dividends.
