
MMM Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 1
First Seen: August 15, 2017
Last Seen: March 6, 2019
OS(es) Affected: Windows

The MMM Ransomware is an encryption ransomware Trojan that was first observed on August 14, 2017. Like most encryption ransomware Trojans, the purpose of the MMM Ransomware is to encrypt the victim's files, making them unusable, and then demand a ransom payment in exchange for the decryption key necessary to recover the affected files. The MMM Ransomware does not seem to belong to a larger threat family. In its attack, the MMM Ransomware uses a combination of AES-256 and RSA-2048 to make the victim's files inaccessible. After encrypting the victim's files, the MMM Ransomware uses HMAC (Hash-based Message Authentication Code) to access its Command and Control servers and send information about the attack and the decryption key necessary to recover the affected files. The MMM Ransomware is mainly delivered to victims through corrupted email attachments and embedded links, distributed in spam email messages that include a social engineering component to trick the victim into opening the corrupted content.

The Files Encrypted by the MMM Ransomware are Easy to Identify

The MMM Ransomware is very similar to most encryption ransomware Trojans active today. The MMM Ransomware uses its strong encryption method to make the victim's files unusable, targeting user-generated files such as audio, video, photos, and Microsoft Office documents (among many other file types). The MMM Ransomware uses AES encryption to make the files unusable and then RSA encryption to make the decryption key inaccessible. The files encrypted in the MMM Ransomware attack are easy to identify because the MMM Ransomware changes their file extensions, adding the file extension '.0x009d8a' to all files targeted by the attack.

The MMM Ransomware's Ransom Demand

After encrypting the files, the MMM Ransomware demands a ransom by delivering a ransom note to the victim's computer. The ransom note is named 'RESTORE_0x009d8a_FILES.html' and is placed on the infected computer's desktop. The MMM Ransomware demands a ransom of 1.2 Bitcoin (approximately 5105 USD or 4347 EUR at the current exchange rate). According to the MMM Ransomware, the victim only has six days to pay the ransom if there is to be any chance of restoring the affected data. The following is the full text of the MMM Ransomware ransom note:

What happend with my files?
All your databases corrupted. All your files has been locked ( encrypted) with Ransomware
For encrypting we using strong cryptographic algorithm AES256+RSA-2048 .Do not attempt to recover the files yourself.
You might corrupt your files. We also rewrite all old blocks on HDD and you don`t recover your files with Recuva and other...
It is not advised to use third party tools to decrypt,if we find them you ,you will forever lose your files.
How i can restore my files?
Go to BTC exchange services and buy 1,2 Bitcoin 3) Send it to address 151F8ufANwCohXzteZ2mauvHLvkS8WmEFT and write us email to address for giving your key and decryption tool. In subject write your Unique ID
BTC Guide:
Top BTC exchange sites: LocalBitcoins (We recomend), Coinbase, BTC-E,
Online wallets: BlockchainInfo,'

Dealing with a MMM Ransomware Infection

Paying the MMM Ransomware ransom or contacting the people responsible for the attack is not a safe move. They do not usually restore access to the infected files and, even if they do, paying the MMM Ransomware ransom allows them to continue creating and developing ransomware Trojans like the MMM Ransomware in the future. Instead of paying the MMM Ransomware ransom, malware analysts advise taking precautions. The best precaution against threats like the MMM Ransomware is to have file backups that can't be reached by the threat. In the event of an attack, the affected files can be restored from the backup copies.
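The file extension and ransom note name given above are enough to scope an infection and build the list of files to restore from backup. The following triage script is an added example, not part of the original write-up; it assumes the '.0x009d8a' marker is appended after the original file name, matches names case-insensitively, and runs against a constructed sample tree.

```python
import os
import tempfile
from collections import Counter

# Indicators taken from this page.
ENCRYPTED_EXT = ".0x009d8a"
RANSOM_NOTE = "RESTORE_0x009d8a_FILES.html"


def triage(root):
    """Walk root; return ransom notes, original paths to restore, per-directory counts."""
    notes, restore, per_dir = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            lowered = name.lower()  # Windows file names are case-insensitive
            if lowered == RANSOM_NOTE.lower():
                notes.append(full)
            elif lowered.endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT):
                # Assumption: stripping the marker yields the original file name.
                restore.append(full[: -len(ENCRYPTED_EXT)])
                per_dir[dirpath] += 1
    return {"notes": sorted(notes), "restore": sorted(restore), "per_dir": per_dir}


def build_sample_tree(base):
    """Constructed sample tree of empty files so the example runs offline."""
    layout = [
        "Desktop/RESTORE_0x009d8a_FILES.html",
        "Documents/report.docx.0x009d8a",
        "Documents/budget.xlsx.0X009D8A",
        "Documents/untouched.txt",
        "Pictures/holiday.jpg.0x009d8a",
    ]
    for rel in layout:
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        result = triage(build_sample_tree(tmp))
        print("ransom notes:", result["notes"])
        for original in result["restore"]:
            print("restore from backup:", original)
        for directory, count in result["per_dir"].most_common():
            print(count, "encrypted file(s) in", directory)
```

Run `triage()` against a mounted copy or a read-only share of the affected volume rather than the live system, and feed the `restore` list to the backup tool.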
