EnigmaSoft Threat Scorecard
| Threat Level: | 80 % (High) |
| First Seen: | August 15, 2017 |
| Last Seen: | March 6, 2019 |
The MMM Ransomware is an encryption ransomware Trojan that was first observed on August 14, 2017. Like most encryption ransomware Trojans, its purpose is to encrypt the victim's files, making them unusable, and then demand a ransom payment in exchange for the decryption key needed to recover them. The MMM Ransomware does not seem to belong to a larger threat family. In its attack, the MMM Ransomware uses a combination of AES-256 and RSA-2048 to make the victim's files inaccessible. After encrypting the victim's files, the MMM Ransomware uses HMAC (Hash-based Message Authentication Code) to access its Command and Control servers and send information about the attack, along with the decryption key needed to recover the affected files. The MMM Ransomware is mainly delivered through corrupted email attachments and embedded links, distributed in spam email messages that use social engineering to trick the victim into opening the corrupted content.
The Files Encrypted by the MMM Ransomware are Easy to Identify
The MMM Ransomware is very similar to most encryption ransomware Trojans active today. It uses its strong encryption method to make the victim's files unusable, targeting user-generated files such as audio, video, photos, and Microsoft Office documents (among many other file types). The MMM Ransomware uses AES encryption to make the files unusable and then RSA encryption to make the decryption key inaccessible. The files encrypted in the MMM Ransomware attack are easy to identify because the MMM Ransomware changes their file extensions: it adds the file extension '.0x009d8a' to all files targeted by the attack.
The MMM Ransomware’s Ransom Demand
Then, the MMM Ransomware demands a ransom by delivering a ransom note to the victim's computer. The ransom note is named 'RESTORE_0x009d8a_FILES.html' and is placed on the infected computer's desktop. The MMM Ransomware demands a ransom of 1.2 Bitcoin (approximately 5105 USD or 4347 EUR at the current exchange rate). According to the MMM Ransomware, the victim has only six days to pay the ransom if there is to be any chance of restoring the affected data. The following is the full text of the MMM Ransomware ransom note:
'YOUR UNIQ IDENTIFICATOR: [10 RANDOM CHARACTERS]
What happend with my files?
All your databases corrupted. All your files has been locked ( encrypted) with Ransomware
For encrypting we using strong cryptographic algorithm AES256+RSA-2048 .Do not attempt to recover the files yourself.
You might corrupt your files. We also rewrite all old blocks on HDD and you don`t recover your files with Recuva and other...
YOU HAVE ONLY 6 DAYS FOR BUY YOUR DECRYPTION TOOL
It is not advised to use third party tools to decrypt,if we find them you ,you will forever lose your files.
How i can restore my files?
Go to BTC exchange services and buy 1,2 Bitcoin 3) Send it to address 151F8ufANwCohXzteZ2mauvHLvkS8WmEFT and write us email to address firstname.lastname@example.org for giving your key and decryption tool. In subject write your Unique ID
Top BTC exchange sites: LocalBitcoins (We recomend), Coinbase, BTC-E,
Online wallets: BlockchainInfo, Block.io'
Dealing with a MMM Ransomware Infection
Paying the MMM Ransomware ransom or contacting the people responsible for the attack is not a safe course of action. They do not usually return access to the infected files and, even if they do, paying the MMM Ransomware ransom allows them to continue creating and developing ransomware Trojans like the MMM Ransomware in the future. Instead of paying the MMM Ransomware ransom, malware analysts advise taking precautions. The best precaution against threats like the MMM Ransomware is to have file backups that can't be reached by the threat. In the event of an attack, the affected files can be restored from the backup copies.
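The file markers described above ('.0x009d8a' extension, 'RESTORE_0x009d8a_FILES.html' note) and the backup advice can be combined into a triage pass that lists which encrypted files have a clean backup copy. This is an added example, not code from EnigmaSoft; the function names and the assumption that the backup tree mirrors the scanned tree's relative paths are hypothetical, and the sample tree is constructed.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the article text.
ENC_SUFFIX = ".0x009d8a"
NOTE_NAME = "RESTORE_0x009d8a_FILES.html"


def triage(scan_root, backup_root):
    """Walk scan_root and classify MMM Ransomware artifacts.

    Assumption: backup_root mirrors scan_root's relative layout.
    """
    scan_root, backup_root = Path(scan_root), Path(backup_root)
    report = {"notes": [], "restorable": [], "no_backup": []}
    for dirpath, _dirs, files in os.walk(scan_root):
        for name in files:
            rel = (Path(dirpath) / name).relative_to(scan_root)
            if name.lower() == NOTE_NAME.lower():
                report["notes"].append(rel.as_posix())
            elif name.lower().endswith(ENC_SUFFIX) and len(name) > len(ENC_SUFFIX):
                # The article says the extension is added to the file, so
                # stripping it recovers the original file name.
                original = rel.with_name(name[: -len(ENC_SUFFIX)])
                has_copy = (backup_root / original).is_file()
                bucket = "restorable" if has_copy else "no_backup"
                report[bucket].append(original.as_posix())
    for key in report:
        report[key].sort()
    return report


def build_demo(base):
    """Create a constructed sample tree (not real victim data)."""
    live, backup = Path(base) / "live", Path(base) / "backup"
    for rel in ("Desktop/" + NOTE_NAME, "Docs/budget.xlsx" + ENC_SUFFIX,
                "Docs/photo.jpg" + ENC_SUFFIX, "Docs/untouched.txt"):
        p = live / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"constructed sample")
    (backup / "Docs").mkdir(parents=True)
    (backup / "Docs/budget.xlsx").write_bytes(b"clean copy")
    return live, backup


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(triage(*build_demo(tmp)))
```

The script only reads directory listings, so it can be run against a mounted copy of the affected disk before any restore begins.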