
MMM Ransomware

Posted: August 15, 2017

Threat Metric

Threat Level: 8/10
Infected PCs: 8
First Seen: August 15, 2017
Last Seen: March 6, 2019
OS(es) Affected: Windows

The MMM Ransomware is a file-locking Trojan that can prevent you from opening your media, such as pictures, spreadsheets or documents. Symptoms of an MMM Ransomware infection usually include text messages that ask for a ransom payment to unlock your files, and changes to the files' names, such as new extensions. Since malware experts rate this threat's encryption method as secure, PC users should keep backups for restoration purposes and use anti-malware programs to block or uninstall the MMM Ransomware immediately.

Tripling Encryption Security to Harm the Safety of Your Media

What counts as best practice for a threat actor is usually a net negative for the victims under attack, particularly in file-encrypting campaigns. A new Trojan, only recently identifiable in meaningful numbers, is using an unbreakable cipher to block the local files on infected machines, creating leverage for a ransom negotiation. While most AV brands currently identify the new MMM Ransomware as a variant of Hidden Tear, malware experts are verifying this ID as a false identification that could mislead users into corrupting their files.

The MMM Ransomware is a Trojan with no known genealogy related to other threats, such as Hidden Tear, EDA2, or the Globe Ransomware. It uses the AES encryption cipher but protects it with a combination of RSA and HMAC key authentication. Any files it locks, such as text documents, also have a new '.0x009d8a' extension appended to their names. While this extension resembles a variable memory address, malware experts determine that it's a preset string that remains consistent between different installations of the MMM Ransomware.

The MMM Ransomware creates a custom HTML page on the desktop to deliver its ransom demands for restoring the locked files. The note gives victims six days to pay before losing their media and specifies Bitcoin payments to prevent standard customer protections, like chargebacks, from applying. Unfortunately, using an incompatible decryptor, such as one designed for Hidden Tear variants, to unlock your files will corrupt them and make them permanently unreadable.

Besting Standard Security Practices with Even Better Ones

Although the MMM Ransomware is careful to use encryption methods that are virtually unbreakable without additional mistakes from its threat actor (such as leaks of authentication databases), it isn't the only file-blocking Trojan with a payload that's impossible to reverse. More reliable recovery options are always available for PC users who back their files up to password-protected cloud servers, detachable devices, and other storage options that the Trojan can't scan and then encrypt or erase. Some PC users also may wish to focus on the formats most likely to be under attack by threats of the MMM Ransomware's classification, such as documents, pictures, spreadsheets, archives and audio.
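As an added example (not part of the original article and not taken from any vendor tool), the following Python script takes a read-only inventory of files carrying the '.0x009d8a' extension and checks which of them have a copy in a backup folder, so restoration can be planned without running any decryptor against the locked files. The function names, folder layout and sample file names are assumptions made for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Extension the page reports; the function names and sample paths below are illustrative.
LOCKED_SUFFIX = ".0x009d8a"


def original_name(path):
    """Return the pre-encryption file name, or None if the file is not marked."""
    name = path.name
    if name.lower().endswith(LOCKED_SUFFIX) and len(name) > len(LOCKED_SUFFIX):
        return name[: -len(LOCKED_SUFFIX)]
    return None


def triage(affected_root, backup_root):
    """Read-only inventory: locked files are never opened, renamed or modified."""
    report = {"restorable": [], "no_backup": [], "by_type": Counter()}
    for dirpath, _dirs, files in os.walk(affected_root):
        for fname in files:
            orig = original_name(Path(fname))
            if orig is None:
                continue
            rel = (Path(dirpath) / orig).relative_to(affected_root)
            report["by_type"][rel.suffix.lower() or "(none)"] += 1
            bucket = "restorable" if (backup_root / rel).is_file() else "no_backup"
            report[bucket].append(rel.as_posix())
    report["restorable"].sort()
    report["no_backup"].sort()
    return report


def demo():
    """Triage a constructed sample tree (not real victim data)."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        samples = [(live, "docs/q3.xlsx.0x009d8a"), (live, "docs/notes.txt.0x009D8A"),
                   (live, "pics/cat.jpg"), (live, "pics/dog.png.0x009d8a"),
                   (backup, "docs/q3.xlsx"), (backup, "pics/dog.png")]
        for root, rel in samples:
            target = root / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(b"constructed sample")
        return triage(live, backup)


if __name__ == "__main__":
    print(demo())
```

The "no_backup" list is the set of files that would be lost if the locked copies were damaged, which is why they should be preserved untouched rather than fed to a decryptor built for another Trojan family.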

The MMM Ransomware uses the 4.5 release of Microsoft's .NET Framework and is, accordingly, compatible with a majority of Windows systems. Infection strategies that may be in use for the MMM Ransomware's campaign range from drive-by-download attacks by exploit kits to e-mail attachments with contents formatted to resemble safe documents. Besides backing up their media, users can protect themselves by choosing strong Web-browsing settings, avoiding easily-cracked passwords, and using actively-monitoring anti-malware solutions to delete the MMM Ransomware as soon as they detect the threat.

Because many file-encrypting Trojans are decryptable thanks to the work of third-party researchers, some PC owners may take the safety of their files for granted. However, the MMM Ransomware campaign and ones just like it are apt examples of why banking on the assumption of a decryptor is an easy way to cut your files' collective lifespan short.
