
MMLocker Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Ranking: 18,745
Threat Level: 80 % (High)
Infected Computers: 878
First Seen: August 10, 2016
Last Seen: February 9, 2023
OS(es) Affected: Windows

The MMLocker Ransomware is a ransomware Trojan uncovered in early March of 2016. It is one variant among numerous encryption Trojans that have been active for a while. The MMLocker Ransomware encrypts the victim's files using its encryption algorithm and adds the extension '.LOCKED' to each file that it encrypts. Its ransom note is particularly long, and in it the victim is begged and repeatedly asked to pay the ransom to recover the files. Unfortunately, ransomware Trojans are increasing in number in the wild, and attacks are becoming more common. This is why you need to take measures to protect your computer, including the use of reliable backup methods and strong anti-malware software that is fully up-to-date.

The Pitiful Ransom Note Displayed by the MMLocker Ransomware

PC security analysts first observed the MMLocker Ransomware early in March. The MMLocker Ransomware receives its name because the path associated with the attack includes 'c:\mm\mm\obj\Release\mm.pdb'. The attack itself is straightforward and involves dropping ransom notes on the victim's computer. The file name of the ransom note is 'READ_IT.txt', and a copy is dropped on the victim's Desktop. The Desktop wallpaper is also changed automatically: an image is downloaded from Imgur and set as the background. The main aspect of the MMLocker Ransomware that has caught the attention of PC security researchers is its ransom note, which is particularly long and uses extraordinary language and measures to try to convince the victim to pay the ransom.

Understanding the MMLocker Ransomware Attack

The MMLocker Ransomware is designed to scan the victim's computer for files with certain extensions, encrypting them with its included encryption algorithm. The MMLocker Ransomware searches for the following file types:

.txt, .doc, .docx, .xls, .xlsx, .pdf, .pps, .ppt, .pptx, .odt, .gif, .jpg, .png, .db, .csv, .sql, .mdb, .sln, .php, .asp, .aspx, .html, .xml, .psd, .frm, .myd, .myi, .dbf, .mp3, .mp4, .avi, .mov, .mpg, .rm, .wmv, .m4a, .mpa, .wav, .sav, .gam, .log, .ged, .msg, .myo, .tax, .ynab, .ifx, .ofx, .qfx, .qif, .qdf, .tax2013, .tax2014, .tax2015, .box, .ncf, .nsf, .ntf, .lwp.

The MMLocker Ransomware establishes a connection with its Command and Control server, retrieving the ransom amount and the image for the Desktop wallpaper. It also relays information about the encrypted files and the victim's computer. The MMLocker Ransomware will also download a decryption tool from its Command and Control server. However, the decryption key itself is not located on the victim's computer, making it almost impossible to recover the encrypted files without access to that key.
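The indicators described above (the '.LOCKED' extension, the 'READ_IT.txt' note and the targeted file types) can be turned into a simple triage sweep of a user profile or file share. The following Python sketch is an added example, not code from the original page or from any vendor tool; the function names are hypothetical, and it assumes the original file name is kept with '.LOCKED' appended.

```python
import os
from pathlib import Path

# File types the page lists as targeted by MMLocker.
TARGETED = set("""
.txt .doc .docx .xls .xlsx .pdf .pps .ppt .pptx .odt .gif .jpg .png .db .csv
.sql .mdb .sln .php .asp .aspx .html .xml .psd .frm .myd .myi .dbf .mp3 .mp4
.avi .mov .mpg .rm .wmv .m4a .mpa .wav .sav .gam .log .ged .msg .myo .tax
.ynab .ifx .ofx .qfx .qif .qdf .tax2013 .tax2014 .tax2015 .box .ncf .nsf
.ntf .lwp
""".split())
NOTE_NAME = "read_it.txt"   # ransom note file name given on the page
LOCKED_EXT = ".locked"      # extension added to encrypted files

def triage(root):
    """Walk root and classify files by the indicators described on the page."""
    report = {"notes": [], "locked": [], "locked_other": [], "at_risk": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            lower = name.lower()
            if lower == NOTE_NAME:
                report["notes"].append(path)
            elif lower.endswith(LOCKED_EXT):
                # Assumption: the original name is kept, e.g. report.docx.LOCKED
                inner = Path(lower[:-len(LOCKED_EXT)]).suffix
                key = "locked" if inner in TARGETED else "locked_other"
                report[key].append(path)
            elif path.suffix.lower() in TARGETED:
                report["at_risk"].append(path)  # targeted type, still intact
    return report

def verdict(report):
    """Coarse triage result for one host or share."""
    if report["notes"] and report["locked"]:
        return "likely-affected"
    if report["notes"] or report["locked"]:
        return "suspicious"
    return "clean"

if __name__ == "__main__":
    import sys
    r = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(verdict(r), {k: len(v) for k, v in r.items()})
```

The "at_risk" list doubles as a backup checklist: it shows which intact files on the scanned path belong to the targeted types.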

Trends Associated with the MMLocker Ransomware and Other Encryption Ransomware Attacks

Ransomware Trojans like the MMLocker Ransomware are becoming more common in the wild, and there is an increasing number of variants. The fact that so many ransomware Trojans are active today means that it is likelier than ever that computer users may become infected with these threats. One of the reasons for the significant ransomware proliferation is that code is constantly reused from one variant to another. However, even though so much code is reused, the con artists keep coming up with new ways of compelling inexperienced computer users to pay the ransom. The best way to protect yourself from the MMLocker Ransomware and the numerous other ransomware variants is to make sure that you have a backup copy of all your files. If you can recover your files from a backup, then the people responsible for the MMLocker Ransomware and other ransomware Trojans have no way of forcing you to pay the ransom. You should also ensure that your computer is well-protected with a reliable security program that is fully up-to-date.
