
MMM Reborn V4 Ransomware

By GoldSparrow in Ransomware

The MMM Reborn V4 Ransomware is a major update to the MMM Ransomware line that began in August 2017. The MMM Reborn V4 Ransomware emerged on March 26th, 2019 and follows the large release of the TripleM Ransomware in May 2018. The MMM/TripleM Ransomware family was reported to be in decline towards the end of 2018, but it appears the ransomware actors only needed time to polish a new version. The MMM Reborn V4 Ransomware includes new encryption routines, and the Trojan now combines regular EXE files with simple BAT files. The MMM Reborn V4 Ransomware is designed to encipher data with the following extensions:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

The MMM Reborn V4 Ransomware may enter systems via compromised remote desktop accounts and inflict significant damage on poorly protected servers. The MMM Reborn V4 Ransomware may spread to connected devices and interrupt the work of various database managers. The MMM Reborn V4 Ransomware may drop 'ecorp.bat' to the startup directory of compromised hosts and load a custom ransom message after a system reboot. The MMM Reborn V4 Ransomware actors may continue to use the 'mmm_reborn@tutamail.com' email address in communications with users, and they may use new accounts as a way to reflect updates and avoid detection. The Trojan is known to write 'DECRYPT_FILES.txt' to the user’s desktop and Documents directory. You can find the content of 'DECRYPT_FILES.txt' listed below:

'TRIPLE(MMM) REBORN RANSONWARE v4
What happened to your files?
Your stupid IT Dept. not secure your systems and all of your files were encrypted. Your files were encrypted by a strong encryption with RSA2048.
What do I do?
So,there are two ways you choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW and restore your data easy way. If you have really valuable data, your better not waste your time, because there is no other way to get your files, except payment.
You can send to mmm_reborn@tutamail.com 2-3 random files <2mb and we decrypt it for Free.
!!!DO NOT TRY RESTORE YOUR FILES.
!!!DO NOT USING DIFFERENT DECRYPTION SOFTWARE.
!!!FILES MAY BE DECRYPTED ONLY WITH OUR SOFTWARE.
YOUR PERSONAL DETAILS
YOUR DECRYPTION PRICE:
IF YOU PAY WITHIN 7 DAY - 8 BITCOIN
IF YOU NOT PAY WITHIN 7 DAY - 12 BITCOIN
WALLET ADRESS 1MMbgkg$S82t4WCAYkKMVCsWAnwnrzUpP
UNIQ USER ID: [random characters]
INSTRUCTION
1)Buy Bitcoin on btc exchange sites (Coinbase, Localbitcoins, Coinmama and another). For buy Bitcoin you need confirm your Identity. Buy Bitcoin offline in ATM or from seller https://coinatmradar.com/
2)Send BITCOIN to your personal wallet address 1MMMbgkgSS82t4WCAYWEVCsWAawnrzUpP
3)Write us to email mmm_reborrgtutamail.com in subject write your UNIQ USER ID
4)After we confirm payment - we send you decryption software and Private Key for decrypt your files.
TRIPLE(MMM) REBORN RANSONWARE v4'

Most of the devices breached by the MMM Reborn V4 Ransomware belong to company networks and small businesses. The threat actors are believed to exploit software vulnerabilities in Internet-facing systems and to try default login credentials for routers in the Ransomware attacks. Server administrators and PC users are advised to avoid contact with the cybercriminals via any communication avenue, including the 'mmm_reborn@tutamail.com' email account. As you can see above, the MMM/TripleM team demands an absurd payment of 8 Bitcoin (≈$32,200/€28,550). Paying the money is not guaranteed to secure you a decryptor for your data. It is far safer to use a backup manager and backup images for your recovery needs. Threats like the MMM Reborn V4 Ransomware usually self-destruct, but it may be prudent to scan the infected devices just in case. Detection names for the MMM Reborn V4 Ransomware are listed below:

Gen:Trojan.Heur.DNP.cm0@aiLPomb
Generic.mg.79dba7d57c7e9baa
HEUR:Trojan.MSIL.DelShad.gen
MSIL/Filecoder.RY!tr
Ransom.Win32.TRIPLEM.THCBGAI
Trojan.Filecoder!8.68 (CLOUD)
Trojan.Heur.DNP.E4D198
W32.Ransom.Reborn
Win32.Trojan.Heur.Akzj
Win32/Trojan.f5a
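The two dropped files named above ('ecorp.bat' in the startup directory, 'DECRYPT_FILES.txt' on the desktop and in Documents) together with the extension list give a responder enough to run a quick triage sweep of a user profile, in line with the advice to scan infected devices. The following Python script is an added example written for this page; it is not code from the page's author or from the ransomware. It walks a directory tree, flags the ransom note (matched by file name plus the first line of the note quoted above, so a stray file with the same name is not enough), flags the startup dropper by name and location, and counts files carrying targeted extensions as a rough measure of what was exposed. The directory layout and file contents it builds are constructed for a self-contained offline run; the full extension list from the page can replace the subset in `TARGETED_EXTENSIONS` unchanged.

```python
import os
import tempfile
from collections import Counter

# Subset of the extension list quoted on the page; the full list drops in unchanged.
TARGETED_EXTENSIONS = {
    ".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".png", ".sql",
    ".mdb", ".accdb", ".zip", ".rar", ".txt", ".py", ".cpp", ".java",
}

NOTE_NAME = "decrypt_files.txt"                    # 'DECRYPT_FILES.txt' on the page
STARTUP_DROPPER = "ecorp.bat"                      # dropped to the startup directory
NOTE_MARKER = "TRIPLE(MMM) REBORN RANSONWARE v4"   # first line of the quoted note, spelling as-is


def sweep(root):
    """Walk `root` and collect the MMM Reborn V4 indicators described on the page.

    Returns a dict with ransom-note paths, startup-dropper paths and a Counter of
    files whose extension is on the targeted list.
    """
    findings = {"notes": [], "startup_droppers": [], "targeted_files": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        # Folder names on the path, lower-cased, so 'Startup' matches regardless of
        # the drive letter or profile name above it.
        parts = {p.lower() for p in dirpath.split(os.sep)}
        for name in files:
            path = os.path.join(dirpath, name)
            lname = name.lower()
            if lname == NOTE_NAME:
                # The name alone is weak evidence; require the note's own header line.
                with open(path, "r", errors="replace") as fh:
                    head = fh.read(4096)
                if NOTE_MARKER in head:
                    findings["notes"].append(path)
                continue
            if lname == STARTUP_DROPPER and "startup" in parts:
                findings["startup_droppers"].append(path)
                continue
            ext = os.path.splitext(lname)[1]
            if ext in TARGETED_EXTENSIONS:
                findings["targeted_files"][ext] += 1
    return findings


def is_likely_hit(findings):
    """True when either dropped artifact is present; extension counts alone prove nothing."""
    return bool(findings["notes"] or findings["startup_droppers"])


def build_sample_tree(root):
    """Constructed user profile for a self-contained run (hypothetical, not real malware output)."""
    startup = os.path.join(root, "AppData", "Roaming", "Microsoft", "Windows",
                           "Start Menu", "Programs", "Startup")
    layout = {
        os.path.join(root, "Desktop", "DECRYPT_FILES.txt"):
            NOTE_MARKER + "\nWhat happened to your files?\n",
        os.path.join(root, "Documents", "report.docx"): "constructed sample",
        os.path.join(root, "Documents", "budget.xlsx"): "constructed sample",
        os.path.join(root, "Documents", "notes.txt"): "constructed sample",
        os.path.join(root, "Pictures", "photo.jpg"): "constructed sample",
        os.path.join(root, "readme.md"): "not a targeted extension",
        os.path.join(startup, "ecorp.bat"): "@echo off\nrem placeholder body, constructed\n",
    }
    for path, content in layout.items():
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(content)


def run_demo():
    """Build the constructed profile in a temp dir, sweep it and return the findings."""
    root = tempfile.mkdtemp(prefix="mmm_sweep_")
    build_sample_tree(root)
    return sweep(root)


if __name__ == "__main__":
    result = run_demo()
    print("likely hit:", is_likely_hit(result))
    for key in ("notes", "startup_droppers"):
        for p in result[key]:
            print(f"{key}: {p}")
    for ext, n in sorted(result["targeted_files"].items()):
        print(f"targeted {ext}: {n}")
```

On a real host, point `sweep()` at the user profile root (or a mounted image of it) instead of calling `run_demo()`; the note check reads only the first 4 KB of each candidate so large trees stay cheap to walk.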
