MMM Reborn Ransomware

The MMM Reborn Ransomware is a file-locker Trojan that's an update of 2017's MMM Ransomware or 'TripleM' Ransomware. This threat can use encryption on your files and convert them into non-opening data that requires a customized decryption program for restoring. Since no free decryptors are available to the public, yet, the users should back their work up for protecting it and have their anti-malware products remove the MMM Reborn Ransomware and defend their PCs from its attacks.

A Trojan Resurrection that No One Asked to See

Threat actors are circulating an unwanted 'rebirth' of the old MMM Ransomware (AKA 'TripleM') that was in circulation for a portion of both 2017 and 2018. The new version, dubbing itself the MMM Reborn Ransomware, is using similar symptoms to that of its original software but may include yet-unanalyzed changes to its cryptography or other, internal defenses. Whether it's a minor tweak or a significant upgrade, malware experts find no reasons for rating it as anything other than a danger to all digital media on Windows systems.

The MMM Reborn Ransomware runs off of a .NET Framework package for compatibility purposes and, consequentially, is targeting Windows PCs only. Its attacks include a silent, background routine that uses the RSA encryption, supposedly with a 2048-sized key, for locking documents, archives, images, music and other media on the computer. If the users encounter issues with determining which files the MMM Reborn Ransomware is rendering illegible, malware experts suggest searching for either 'info' or 'triple_m' extensions, which different cases of the older MMM Ransomware attacks are known for inserting. The extension change doesn't wipe any other text from the original filename, such as its previous formatting abbreviation (DOC, JPG, etc.).

The MMM Reborn Ransomware also creates an HTML page for giving the victims a set of ransom demands. Most of the ransom note is typical, save for what malware experts are considering an unrealistically expensive fee of 222 Bitcoins minimum (over eight hundred, thousand US dollars). The setting of the price so high makes it likely that the threat actors have no experience or profitability expectations comparative to that of a professional, Ransomware-as-a-Service operation.

Culling the Breeding of Data Ransoms

The MMM Reborn Ransomware's campaign, if it keeps to the traditions of the first MMM Ransomware, may be targeting business networks with at-risk servers that are breachable by brute-force utilities or other strategies. Network admins should make sure that all relevant software is running with the latest security patches and avoid passwords and other login credentials with easily-guessable text. All workers, also, should be careful about opening e-mail attachments that may include unsafe content, such as the still-prominent, fake invoice spreadsheets and PDF document scams.

There isn't a free decryption service that's compatible with the MMM Reborn Ransomware, which uses a theoretically secure, dual-layer encryption method. Contacting an experienced cyber-security specialist and providing appropriate samples may help with determining one's chances of recovering any files without needing a backup. However, most anti-malware products should remove the MMM Reborn Ransomware safely in the first place and serve as preventatives against any data loss.

Criminals toying with an experimental and impractically expensive variant of the MMM Reborn Ransomware means more problems for all average users who don't protect their files, or administrators not hardening their networks. A document or picture, once taken for granted, can be spirited away without much trouble, and thousands of dollars in Bitcoins is more than most victims can afford to pay.