Mammon Ransomware

By CagedTech in Ransomware

Translate To:

A new variant belonging to the Makop Ransomware family has been observed in the wild. Named the Mammon Ransomware by cybersecurity researchers, the threat acts as typical ransomware. Its goal is to lock the files located on the compromised computer systems and then extort the victims for monetary gains.

Just like other variants from the Makop Ransomware family, when the Mammon Ransomware encrypts a file, it changes that file's original name drastically. Users will notice that nearly all of their files will now have a random string of characters, followed by an email address, and finally '.mammon' appended to their names. The email in question is 'mammon0503@tutanota.com.' After the encryption routine has finished its job, the threat will proceed to deliver its ransom note as 'FILES ENCRYPTED.txt' text files.

According to the instructions left by the hackers, affected users will have to pay a ransom using the Bitcoin cryptocurrency. The exact sum is not mentioned, but users are told that they should initiate communication to receive additional payment details. For that purpose, four different email addresses are provided in the ransom note - 'mammon0503@tutanota.com,' 'mammon0503@protonmail.com,' 'samsung00700@tutanota.com,' or 'pecunia0318@goat.si.' Two files with simple extensions, such as .jpg, .xls, .doc are less than 1MB in size, can be attached to the email, and will supposedly be decrypted for free.

The full text of Mammon Ransomware's note is:

'::: Greetings :::
Little FAQ:
.1.
Q: Whats Happen?
A: Your files have been encrypted and now have the "mammon" extension. The file structure was not damaged, we did everything possible so that this could not happen.
.2.
Q: How to recover files?
A: If you wish to decrypt your files you will need to pay in bitcoins.
.3.
Q: What about guarantees?
A: Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will cooperate with us. Its not in our interests.
To check the ability of returning files, you can send to us any 2 files with SIMPLE extensions(jpg,xls,doc, etc... not databases!) and low sizes(max 1 mb), we will decrypt them and send back to you. That is our guarantee.
.4.
Q: How to contact with you?
A: You can write us to our mailbox: mammon0503@tutanota.com or mammon0503@protonmail.com or samsung00700@tutanota.com or pecunia0318@goat.si
.5.
Q: How will the decryption process proceed after payment?
A: After payment we will send to you our scanner-decoder program and detailed instructions for use. With this program you will be able to decrypt all your encrypted files.
.6.
Q: If I don’t want to pay bad people like you?
A: If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause only we have the private key. In practice - time is much more valuable than money.
:::BEWARE:::
DON'T try to change encrypted files by yourself!
If you will try to use any third party software for restoring your data or antivirus solutions - please make a backup for all encrypted files!
Any changes in encrypted files may entail damage of the private key and, as result, the loss all data.'

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

Mammon Ransomware

Submit Comment

Related Posts

Mammon.A Ransomware

Trending

Safe Search Eng

Findtheirreport.com

MarioLocker Ransomware

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen