
TripleM Ransomware

Posted: May 9, 2018

The TripleM Ransomware is a minor variant of the MMM Ransomware, a Trojan that uses AES and RSA encryption to lock your media. Attacks by the TripleM Ransomware, like those of its predecessor, can make it impossible to open different files, and the Trojan uses local Web pages to display its ransom demands. There is no free decryptor for this family, and malware experts recommend keeping backups and having anti-malware protection for removing the TripleM Ransomware.

The Letter that Stands for Upcoming File Problems

The formerly singular MMM Ransomware is acquiring a new variant, the TripleM Ransomware, which embraces the Trojan's brand name by including it in its ransom warning and its cosmetic symptoms. Malware researchers note that the TripleM Ransomware's other features are almost entirely unmodified from the previous version of the program, which makes it just as much of a danger to local files as the MMM Ransomware. This Trojan is notable both for being independent of sizable families like Hidden Tear and of Ransomware-as-a-Service products, and for leveraging a secure encryption method.

The data-encrypting attack of the TripleM Ransomware uses AES as its primary encryption mechanism, which it secures with RSA and an HMAC authentication code. Third parties cannot break this cryptography, and any files that the TripleM Ransomware encrypts can no longer be opened. The threat actors are also changing the extension that this Trojan appends from '.0x009d8a' to '.MMM', which it adds to the end of every locked file's name.
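For triage after a suspected incident, the appended extensions described above can be combined with a content check, since AES output is statistically close to random. The following is an added example, not code from the original article: the function names, the 7.5 bits-per-byte threshold, the 64 KiB sample size and the sample files are assumptions constructed for illustration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Appended extensions named in the article (earlier MMM build, then TripleM).
MARKERS = (".0x009d8a", ".mmm")
ENTROPY_MIN = 7.5  # assumed cut-off in bits/byte; ciphertext sits near 8.0

def entropy(data):
    """Shannon entropy in bits per byte (0 for empty input)."""
    return -sum(n / len(data) * math.log2(n / len(data))
                for n in Counter(data).values())

def classify(path):
    """'likely-encrypted', 'marker-only', or None when no marker is appended."""
    if path.suffix.lower() not in MARKERS:
        return None
    try:
        with path.open("rb") as fh:
            sample = fh.read(64 * 1024)  # assumed: sampling the head is enough
    except OSError:
        return "marker-only"  # unreadable, so the content check is skipped
    # The marker is appended, so the original extension survives (a.docx.MMM).
    kept_ext = bool(Path(path.stem).suffix)
    hit = kept_ext and entropy(sample) >= ENTROPY_MIN
    return "likely-encrypted" if hit else "marker-only"

def triage(root):
    """Walk root and group marked files by verdict (sorted relative paths)."""
    report = {"likely-encrypted": [], "marker-only": []}
    for path in Path(root).rglob("*"):
        verdict = classify(path) if path.is_file() else None
        if verdict:
            report[verdict].append(path.relative_to(root).as_posix())
    return {k: sorted(v) for k, v in report.items()}

def demo():
    """Run triage over constructed sample files in a temporary directory."""
    samples = {"docs/report.docx.MMM": os.urandom(4096),  # stand-in ciphertext
               "docs/old.xlsx.0x009d8a": os.urandom(4096),
               "docs/notes.txt.MMM": b"plain text " * 400,  # renamed, not encrypted
               "photo.jpg": os.urandom(4096)}  # no marker: ignored
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            target = Path(root) / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        return triage(root)
```

A 'marker-only' verdict means the file carries one of the extensions but its contents do not look like ciphertext, or the file could not be read.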

Another trait of the MMM Ransomware that the TripleM Ransomware retains is using a Web page (HTML file) to deliver its ransom demands, which it displays via the desktop's wallpaper. The TripleM Ransomware asks for just under half a Bitcoin in exchange for a decryptor to unlock its victims' files, which, at current rates, converts to roughly four thousand USD. This fee is exceptionally costly for a file-locking Trojan and could indicate that the TripleM Ransomware's threat actors are trying to compromise business networks, profitable domain owners, or even the branches of various governments.

Keeping the Wrong Letters out of Your Files

The currency notations in the TripleM Ransomware's messages imply that it's a threat to non-American victims, such as residents of Europe. However, besides requiring a Windows environment and the 4.5 release of .NET Framework, the TripleM Ransomware could run and damage media on most systems throughout the world. As with any group of file-locking Trojans without a freeware decryptor, malware experts warn that PC users without any secure backups may have their files encrypted and left unusable permanently. Storing your work on portable devices or cloud servers can reduce the probability of the TripleM Ransomware damaging it.

Malware experts have yet to verify live cases of the threat targeting victims or extorting Bitcoins successfully. Any users with locked files should avoid paying the cryptocurrency ransom, which is refundable only with the threat actor's consent. Have anti-malware software, preferably a product already proven against the MMM Ransomware, quarantine or delete the TripleM Ransomware to protect your files from any encryption-related damage.

Whether a Trojan comes from a family as enormous as that of Utku Sen's Hidden Tear, or one as small as the individual MMM Ransomware, it is still equally threatening to any PC that it infects. The TripleM Ransomware is proof that a file-locker Trojan's campaign can come from a humble place of 'birth' without skimping on the encryption security that stands between you and your files.
