
'.cccmn File Extension' Ransomware

Posted: November 12, 2018

The '.cccmn File Extension' Ransomware is a file-locking Trojan from the Dharma Ransomware sub-division of the Crysis Ransomware family. Attacks by these threats lock your PC's media content with AES and RSA encryption, erase Windows backups, and deliver ransom demands in Web pages. Most anti-malware programs can safely delete the '.cccmn File Extension' Ransomware from your computer, but there is no free decryption or unlocking solution for the modern iterations of this Trojan.

A Pretense of Security Software is Attacking Your Files

Between old variants of the Dharma Ransomware, like the 'wisperado@india.com' Ransomware and the Wallet Ransomware, and new models such as the 'help@decrypt-files.info' Ransomware and the '.AUDIT File Extension' Ransomware, this family is sustaining regular, extortionist activity for profit. The long-term growth of its Ransomware-as-a-Service (RaaS) business model is also producing some variety in how different criminals choose to exploit the file-locking Trojan on a case-by-case basis. For example, malware experts are verifying the '.cccmn File Extension' Ransomware's use of a fake security software disguise.

The '.cccmn File Extension' Ransomware's choice for concealing itself is completely different from that of the equally recent '.AUDIT File Extension' Ransomware, whose campaign uses shareware credentials for hiding its executable. Instead, the '.cccmn File Extension' Ransomware takes the risk of pretending that it's a product by Emsisoft, an AV and anti-malware company. However, just as with the second Trojan, the '.cccmn File Extension' Ransomware doesn't hijack digital signatures for completing the disguise and making it appear authentic.
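The missing signature described above gives defenders a simple triage check. The PowerShell script below is an added example, not part of the original article: it lists executables whose version resource names a vendor but that carry no valid Authenticode signature from that vendor. The scan path and the rule that a genuine signer's certificate subject contains the vendor name are assumptions.

```powershell
# Added example (not from the article): find executables that claim a vendor
# in their version resource but are not validly signed by that vendor.
param(
    [string]$Path   = "$env:USERPROFILE\Downloads",  # assumed scan root
    [string]$Vendor = 'Emsisoft'                     # vendor named in the article
)

$pattern = [regex]::Escape($Vendor)

Get-ChildItem -Path $Path -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in '.exe', '.dll' } |
    ForEach-Object {
        # Version-resource strings are set by whoever built the file,
        # so they prove nothing on their own.
        $info   = $_.VersionInfo
        $claims = @($info.CompanyName, $info.ProductName, $info.FileDescription) -match $pattern
        if (-not $claims) { return }   # file does not claim the vendor; skip it

        # Authenticode status: Valid, NotSigned, HashMismatch, NotTrusted, ...
        $sig    = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

        # Assumption: a genuine build chains to a trusted root (Status = Valid)
        # and its signer subject contains the vendor name.
        $genuine = ($sig.Status -eq 'Valid') -and ($signer -match $pattern)

        if (-not $genuine) {
            [pscustomobject]@{
                File            = $_.FullName
                ClaimedVendor   = ($claims | Select-Object -Unique) -join '; '
                SignatureStatus = $sig.Status
                Signer          = $signer
                SHA256          = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
    }
```

Any row it returns is a file that borrows the vendor's name without the vendor's signature and is worth submitting to an anti-malware scanner before anyone runs it.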

Once it's on board a Windows PC, the '.cccmn File Extension' Ransomware collects and uploads system information for identifying the infection to the threat actor and transferring over the decryption credentials. More importantly, it searches for and encrypts numerous media formats in multiple folders on the computer, such as documents, pictures or archives. The extension that the Trojan adds is unique to this campaign, and malware researchers regularly find different filename identifiers in other variants of the Dharma Ransomware.

A Measure of Security against a Fake Security Program

Traditional infection strategies for different releases of the Dharma Ransomware (and its overarching family of the Crysis Ransomware) involve 'hacking' a non-secure login with brute-force attacks, as well as taking advantage of RDP features, with an emphasis on business-owned servers. Some users could also endanger their PCs by opening corrupted e-mail attachments, and malware researchers periodically find cases of Web browser-driven exploit kits dropping file-locking Trojans of various types. Since there isn't a free decryption option for the '.cccmn File Extension' Ransomware, saving your files depends on backups and infection-preventing security steps.

While Windows does keep backups of file data for 'rolling back' to a previous state, the '.cccmn File Extension' Ransomware is likely to wipe this information, just like other versions of the Dharma Ransomware. No substantial symptoms are visible to victims while its encryption routine runs, and malware researchers warn that infections are equally likely to entail long-term security issues from a threat actor possessing backdoor access. Disable your network connection and remove the '.cccmn File Extension' Ransomware with a trusted anti-malware program before retrieving your files from their backups, if possible.

The '.cccmn File Extension' Ransomware isn't especially unorthodox in how it hides while locking your media, but creativity isn't a requirement for the success of a digital ransom. Paying after the fact for not protecting your files will inevitably be more expensive than paying the price of a good backup solution.
