Threat Database Ransomware MMM Reborn V4 Ransomware

MMM Reborn V4 Ransomware

By GoldSparrow in Ransomware

The MMM Reborn V4 Ransomware is a major update to the line of the MMM Ransomware that began back in August 2017. The MMM Reborn V4 Ransomware emerged on March 26th, 2019 and follows the big release of the TripleM Ransomware from May 2018. The MMM/TripleM Ransomware family was reported to be in a decline towards the end of 2018, but it appears the ransomware actors needed time to polish a new version. The MMM Reborn V4 Ransomware includes new encryption routines and the Trojan combines the use of regular EXE files and simple BAT files now. The MMM Reborn V4 Ransomware is designed to encipher data with the following extensions:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

The MMM Reborn V4 Ransomware may enter systems via compromised remote desktop accounts and inflict significant damage on poorly protected servers. The MMM Reborn V4 Ransomware may spread to connected devices and interrupt the work of various database managers. The MMM Reborn V4 Ransomware may drop 'ecorp.bat' to the startup directory of compromised hosts and load a custom ransom message after a system reboot. The MMM Reborn V4 Ransomware actors may continue to use the '' email address in communications with users, and they may use new accounts as a way to reflect updates and avoid detection. The Trojan is known to write 'DECRYPT_FILES.txt' to the user’s desktop and Documents directory. You can find the content of 'DECRYPT_FILES.txt' listed below:

What happened to your files?
Your stupid IT Dept. not secure your systems and all of your files were encrypted. Your files were encrypted by a strong encryption with RSA2048.
What do I do?
So,there are two ways you choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW and restore your data easy way. If you have really valuable data, your better not waste your time, because there is no other way to get your files, except payment.
You can send to 2-3 random files <2mb and we decrypt it for Free. !!!DO NOT TRY RESTORE YOUR FILES. !!!DO NOT USING DIFFERENT DECRYPTION SOFTWARE. !!!FILES MAY BE DECRYPTED ONLY WITH OUR SOFTWARE. YOUR PERSONAL DETAILS YOUR DECRYPTION PRICE: IF YOU PAY WITHIN 7 DAY - 8 BITCOIN IF YOU NOT PAY WITHIN 7 DAY - 12 BITCOIN WALLET ADRESS 1MMbgkg$S82t4WCAYkKMVCsWAnwnrzUpP UNIQ USER ID: [random characters] INSTRUCTION 1)Buy Bitcoin on btc exchange sites (Coinbase, Localbitcoins, Coinmama and another). For buy Bitcoin you need confirm your Identity. Buy Bitcoin offline in ATM or from seller 2)Send BITCOIN to your personal wallet address 1MMMbgkgSS82t4WCAYWEVCsWAawnrzUpP 3)Write us to email in subject write your UNIQ USER ID 4)After we confirm payment - we send you decryption software and Private Key for decrypt your files. TRIPLE(MMM) REBORN RANSONWARE v4'

Most of the devices breached by the MMM Reborn V4 Ransomware are parts of company networks and small businesses. The threat actors are believed to exploit software vulnerabilities in Internet-facing systems and try default login credentials for routers in the Ransomware attacks. Server administrators and PC users are advised to avoid contact with the cybercriminals via any communication avenue including the '' email account. As you can see above, the MMM/TripleMM team demands an absurd payment of 8 Bitcoin (≈$32,200/€28,550). Paying the money is not guaranteed to secure you a decryptor for your data. It is far safer to use a backup manager and backup images for your recovery needs. Threats like the MMM Reborn V4 Ransomware self-destruct usually, but it may be prudent to scan the infected devices just in case. Detection names for the MMM Reborn V4 Ransomware are listed below:

Trojan.Filecoder!8.68 (CLOUD)


Most Viewed