M88P Ransomware

The M88P Ransomware is a file-locking Trojan from the AES-Matrix Ransomware family. It blocks the user's files, typically targeting valuable media like documents, by encrypting them with a secure algorithm, which stops them from opening. Users should ignore ransom demands and use other recovery options, if possible, while having an appropriate security solution delete the M88P Ransomware.

Social Engineering Updates in Trojan Families

As the file-locker Trojan industry cements its operating procedures in place, like any business, some actors seek improvement and evolution instead of resting on their laurels. Exemplary of this work ethic is the AES-Matrix Ransomware family, which has recently leaned into improving its ransom techniques, after attacking victims since 2017. However, while this M88P Ransomware update's means of asking for money are new, its relatively flawless feature for locking files requires no changes.

The M88P Ransomware targets Windows environments with its AES-based encryption routine, a secure method of keeping the victims' files from opening. It attacks most of the usual formats that Trojans of this type prey upon, such as documents, spreadsheets, or images, and its reach includes network-accessible and virtual drives. The files' names receive a total revamp that adds the campaign's extension, its e-mail address, and the victim's ID.

There are few weaknesses to this data sabotage, which the M88P Ransomware monetizes with an RTF document that delivers ransom instructions for obtaining the attacker's help with recovery. While the M88P Ransomware primarily maintains the old template (see the recent JJLF Ransomware, for comparison), it has an extra paragraph. The new text provides a live chatting service through uTox, similar to the unrelated .waiting Ransomware from last year.

As users grow more suspicious of trusting extortionists that promise data recovery, social engineering features like these provide criminals with more negotiating platforms and a user-friendly appearance.

The Trojan Problems that Even Backups can't Fix

The M88P Ransomware keeps intact the threat – idle or otherwise – that the attackers will leak data to the public or even sell it for the campaign's bottom line. Additionally, users who pay the ransom don't get a guarantee of full media recovery, and criminals may use negotiations for further attacks or bad-faith arguments. Although a backup in a sufficiently safe location is crucial for restoring any locked files, malware experts also highly recommend preventing infections entirely.

Users have different ways of blocking possible infection attempts from the M88P Ransomware's campaign. The most appropriate options include:

  • Choosing passwords with sufficient complexity to resist a brute-force attack
  • Updating software to remove vulnerabilities such as remote code execution
  • Disabling high-risk features (browser JavaScript and Flash, Word and Excel macros)
  • Scanning unusual downloads, especially e-mail attachments

If given a chance, most security services will block drive-by-downloads and delete the M88P Ransomware before harm comes to the user's files. Both business entities and home users are at risk from the encryption, which is a general-purpose means of locking files permanently, with no free solution for unlocking them.

Variants of the M88P Ransomware's family are rampant, including the ANN Ransomware, the AL8G Ransomware, the MDRL Ransomware and numerous others. Although the extortion model works well, there is always room for tweaks, even if it's just improving how criminals ask for undeserved ransoms.
