TripleM Ransomware

TripleM Ransomware Description

The TripleM Ransomware is a ransomware Trojan that appears to be a variant of the MMM Ransomware, an encryption ransomware Trojan that was reported before the TripleM Ransomware appeared. The TripleM Ransomware first appeared on May 5, 2018. Files encoded by the TripleM Ransomware are easy to recognize because the file extension '.MMM' is added to the end of their names. The TripleM Ransomware carries out a typical ransomware encryption attack: it takes the victim's files hostage so that the only way to recover the lost data is by paying a ransom.

How the TripleM Ransomware Trojan may Enter a Computer

The TripleM Ransomware, like most encryption ransomware Trojans, targets user-generated files, such as images, videos, audio, texts, and numerous document formats. The TripleM Ransomware uses AES encryption to make the victim's files unrecoverable, taking them hostage so that the victim can only get these files back by paying the ransom demanded. Examples of the file types that may be compromised by threats like the TripleM Ransomware include:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

The TripleM Ransomware will deliver a ransom note in the form of an HTML file dropped on the infected computer's desktop. The TripleM Ransomware's ransom note, named 'GET_YOUR_FILES_BACK.html,' reads as follows:

'Triple (MMM) Ransomware v1
NOT YOUR LANGUAGE? Use Google Translate
What happened to your files?
All of your files were encrypted by a strong encryption with RSA2048
How did this happen?

Specially for your PC was generated personal RSA2048 Key, both public and private.
ALL YOUR FILES were encrypted with the public key, which has been transferred to your PC via the Internet.
Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our Server
What do I do?
So, there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW and restore your data easy way.
If you have really valuable data, your better not waste your time, because there is no other way to get your files, except payment.

Your personal ID: [RANDOM CHARACTERS]
Your personal wallet adress: 1MMMSA9WJvM7BjhEqy4cQ4gjUXgKKTJcK3
Your price start from 0,45 BTC, after 10 days he is 0,9 BTC, after 15 day he is 2 BTC. 20 day and your secret key has been deleted.
Instruction:
1)Buy Bitcoin on btc exchange sites (Paxful.com, gemini.com, Coinbase,Localbitcoins, Coinmama and another). For buy Bitcoin you need confirm your Identify.
Or buy Bitcoin instantly in your City h[ttp]s://coinatmradar[.]com/country/226/bitcoin-atm-united-states/
2)send Bitcoins to 1MMMSA9WJvM7BjhEqy4cQ4gjUXgKKTJcK3
3)Write us to email triplem@tuta.io
4)After we confirm payment - we send you decryption software and Private Key for decrypt your files.'

Dealing with the TripleM Ransomware Infection

No matter the situation, computer users should avoid following the instructions in the TripleM Ransomware ransom note or making contact with its perpetrators. Instead, they should ensure that they are protected from threats like the TripleM Ransomware preemptively, so that the next threat that tries to invade their machines will not be successful. The best preventive measure available to any computer user is to have file backups. The combination of file backups and an effective, fully up-to-date security program can prevent the TripleM Ransomware from being installed and can help computer users recover their files in the event of infection with the TripleM Ransomware or a similar threat.
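To scope which files need restoring from backup, the two indicators described above (the appended '.MMM' extension and the 'GET_YOUR_FILES_BACK.html' note) can be searched for on disk. The following read-only triage script is an added example, not part of the original article; the function name `triage`, the case-insensitive matching, and the assumption that the note's first line appears verbatim in the HTML are choices made for this example.

```python
import os
import sys
from collections import Counter

ENCRYPTED_SUFFIX = ".mmm"                 # extension the article says is appended (matched case-insensitively: assumption)
NOTE_NAME = "GET_YOUR_FILES_BACK.html"    # ransom note filename given in the article
NOTE_MARKER = "Triple (MMM) Ransomware"   # first line of the quoted note (assumed to appear verbatim in the HTML)


def triage(root):
    """Walk root and summarise TripleM indicators; nothing on disk is modified."""
    report = {"notes": [], "encrypted": [], "by_original_ext": Counter(),
              "first_seen": None}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME.lower():
                # Check the content so an unrelated file with the same name is not counted.
                try:
                    with open(path, "r", errors="replace") as fh:
                        head = fh.read(65536)
                except OSError:
                    continue
                if NOTE_MARKER in head:
                    report["notes"].append(path)
            elif name.lower().endswith(ENCRYPTED_SUFFIX):
                # The extension is appended, so the original one sits just before it.
                stem = name[:-len(ENCRYPTED_SUFFIX)]
                orig_ext = os.path.splitext(stem)[1].lower() or "(none)"
                report["encrypted"].append(path)
                report["by_original_ext"][orig_ext] += 1
                try:
                    mtime = os.path.getmtime(path)
                except OSError:
                    continue
                # Earliest modification time approximates when encryption began.
                if report["first_seen"] is None or mtime < report["first_seen"]:
                    report["first_seen"] = mtime
    return report


if __name__ == "__main__":
    result = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"ransom notes: {len(result['notes'])}")
    print(f"encrypted files: {len(result['encrypted'])}")
    for ext, count in result["by_original_ext"].most_common():
        print(f"  {ext}: {count}")
```

The per-extension counts show which kinds of data were hit, and `first_seen` gives a lower bound on the backup age needed for a clean restore.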