.MMM Files Virus (TripleM Ransomware v1) - Remove and Restore Files

This article has been created in order to help you by explaining how to remove the TripleM Ransomware virus from your computer and how to restore files that have been encrypted with the .MMM file extension on your PC.

A new ransomware virus, calling itself TripleM ransomware, has been detected by security researchers. The infection's primary purpose is to perform multiple activities on victims' computers that leave their important documents, videos and other files unable to be opened. In addition, the ransomware adds the .MMM file suffix to the encrypted files. Its end goal is to get victims to read its ransom note file, named GET_YOUR_FILES_BACK.html, and then pay a hefty ransom fee to get their encrypted files restored back to normal.

Threat Summary

Name: TripleM Ransomware
Type: Ransomware Virus
Short Description: Similar to its older variant, the TripleM Ransomware v1 aims to encrypt the files on your computer and then asks you to pay ransom in BitCoin in order to get the encrypted files recovered back to their normal state.
Symptoms: Files are encrypted with an added .MMM file extension. A ransom note, called GET_YOUR_FILES_BACK.html, is dropped on the victim’s computer.
Distribution Method: Spam Emails, Email Attachments, Executable files

.MMM Files Virus – How Does It Infect

The .MMM file ransomware may use various pretexts to get you to open a malicious file sent via e-mail. Such messages often pretend to come from big companies, for instance:

  • DHL.
  • FedEx.
  • eBay.
  • Amazon.
  • LinkedIn.
  • Facebook.
  • PayPal.

In addition to this, the spam messages may pretend that the malware is a legitimate document, like an invoice or other type of seemingly legitimate file. The file may even be a Microsoft Word document which could contain malicious Macros embedded within it. These are activated once you open the Word file and click on “Enable Editing” to turn on macros.

Another often used method for replication that may be utilized by the ones behind the TripleM ransomware virus is directly uploading the malicious files for victims to download. These malicious files may exist on different third-party software-providing websites, like torrent sites or download web pages. Usually the cyber-criminals disguise the malicious files as:

  • Installers for software or games.
  • Key generators.
  • Software License activators.
  • Cracks.
  • Patches.

TripleM Ransomware – How Does it Work?

Once the TripleM ransomware has infected your computer, its malicious payload may be dropped in different Windows folders. The most often targeted ones are believed to be the following:

  • %Roaming%
  • %AppData%
  • %Temp%
  • %LocalLow%
  • %Local%

The files dropped by the TripleM virus may be of different file types, for instance:

→.exe; .htm; .hta; .vbs; .dll; .tmp;

The TripleM ransomware is a cryptovirus, meaning that its main purpose is to encrypt the files on your computer and render them no longer able to be opened. To reach its end goal, the TripleM ransomware may start different activities on your computer, like modifying the Windows Registry in order to get its malicious files to run when Windows starts. This happens by adding registry values in the auto-run sub-keys, which are the following:

→ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
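
An added example (not part of the original article or of any vendor tool): a Python triage function that takes autorun entries exported from the keys above and flags values whose target sits in one of the folders listed earlier and has one of the listed file types. The environment-variable expansions, the `user` profile name and all sample entries are constructed assumptions.

```python
import re

# Autorun sub-keys named in the article, lower-cased for comparison.
_CV = r"\software\microsoft\windows\currentversion" + "\\"
AUTORUN_KEYS = {"hkey_local_machine" + _CV + k for k in
                ("runservicesonce", "runservices", "runonce", "run")}
AUTORUN_KEYS.add("hkey_current_user" + _CV + "run")

# Assumed expansions; the "user" profile name is a placeholder.
ENV_VARS = {
    "%appdata%": r"c:\users\user\appdata\roaming",
    "%localappdata%": r"c:\users\user\appdata\local",
    "%temp%": r"c:\users\user\appdata\local\temp",
    "%tmp%": r"c:\users\user\appdata\local\temp",
    "%userprofile%": r"c:\users\user",
}
# Path fragments for %Roaming%/%AppData%, %Local%, %LocalLow% and %Temp%.
DROP_DIRS = ("\\appdata\\roaming\\", "\\appdata\\local\\",
             "\\appdata\\locallow\\", "\\temp\\")
# Paths ending in one of the file types the article lists for dropped files.
PATH_RE = re.compile(r'[a-z]:\\[^"*?<>|,\r\n]+?\.(?:exe|htm|hta|vbs|dll|tmp)\b')

def suspicious_targets(command):
    """Return paths in an autorun command that point into a drop folder."""
    cmd = command.lower()
    for var, path in ENV_VARS.items():
        cmd = cmd.replace(var, path)
    return [m.group(0) for m in PATH_RE.finditer(cmd)
            if any(d in m.group(0) for d in DROP_DIRS)]

def triage(entries):
    """entries: (key, value name, command) tuples -> flagged (key, name, path)."""
    findings = []
    for key, name, command in entries:
        if key.lower().rstrip("\\") in AUTORUN_KEYS:
            findings += [(key, name, t) for t in suspicious_targets(command)]
    return findings

# Constructed sample export; none of these entries come from a real host.
_HKLM = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion"
_HKCU = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
SAMPLE_ENTRIES = [
    (_HKLM + r"\Run", "VendorTray", r'"C:\Program Files\Vendor\tray.exe" -min'),
    (_HKCU + r"\Run", "Invoice_Viewer",
     r'"C:\Users\bob\AppData\Roaming\Invoice Viewer\iv.exe" -q'),
    (_HKLM + r"\RunOnce", "upd", r"wscript.exe %TEMP%\upd.vbs"),
    (_HKLM + r"\Run", "x", r"rundll32.exe C:\Users\bob\AppData\LocalLow\x.dll,Start"),
    (r"HKEY_LOCAL_MACHINE\Software\Example\NotAutorun", "y", r"C:\Temp\y.exe"),
]
```

Legitimate per-user software also starts from these folders, so each hit is a lead to review rather than a verdict.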

In addition to doing this, the TripleM ransomware infection may also start to delete the files you have backed up on your computer. This activity may start with the malware running a script as administrator in the background which triggers Windows Command prompt to execute the following commands:

→ process call create "cmd.exe /c vssadmin.exe delete shadows /all /quiet & bcdedit.exe /set {default} recoveryenabled no & bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures"
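
Detection logic for the command line quoted above, as an added example that is not from the original article: a Python classifier that labels process-creation command lines which delete shadow copies or switch off Windows recovery. The event fields, host names and PIDs are constructed, and the rule labels are hypothetical names chosen here.

```python
import re

# One rule per behaviour visible in the command line quoted in the article.
RULES = [
    ("shadow_copy_deletion",
     re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b")),
    ("recovery_disabled",
     re.compile(r"\bbcdedit(\.exe)?\s+/set\s+(\S+\s+)?recoveryenabled\s+no\b")),
    ("boot_failures_ignored",
     re.compile(r"\bbcdedit(\.exe)?\s+/set\s+(\S+\s+)?"
                r"bootstatuspolicy\s+ignoreallfailures\b")),
]

def normalize(cmdline):
    """Lower-case, drop quotes and cmd.exe carets, collapse whitespace."""
    cleaned = re.sub(r'["\u201c\u201d^]', "", cmdline.lower())
    return re.sub(r"\s+", " ", cleaned).strip()

def classify(cmdline):
    """Return the label of every rule the command line matches."""
    text = normalize(cmdline)
    return [label for label, rx in RULES if rx.search(text)]

def scan_events(events):
    """Return (host, pid, labels) for each event that matches a rule."""
    alerts = []
    for ev in events:
        labels = classify(ev["cmdline"])
        if labels:
            alerts.append((ev["host"], ev["pid"], labels))
    return alerts

# Constructed process-creation events; the first carries the article's command.
SAMPLE_EVENTS = [
    {"host": "ws-01", "pid": 4120, "cmdline":
     'process call create "cmd.exe /c vssadmin.exe delete shadows /all /quiet'
     ' & bcdedit.exe /set {default} recoveryenabled no'
     ' & bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures"'},
    {"host": "ws-02", "pid": 812, "cmdline": "vssadmin list shadows"},
    {"host": "ws-03", "pid": 977, "cmdline": "VSSADMIN.EXE  Delete  Shadows /All /Quiet"},
    {"host": "ws-04", "pid": 1500, "cmdline": "bcdedit /set {default} recoveryenabled yes"},
]

if __name__ == "__main__":
    for alert in scan_events(SAMPLE_EVENTS):
        print(alert)
```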

Among the files that are dropped by the TripleM ransomware virus is its ransom note file, called GET_YOUR_FILES_BACK.html. It has the following message to the victims of the virus:

NOT YOUR LANGUAGE? Use Google Translate
What happened to your files?
All of your files were encrypted by a strong encryption with RSA2048
How did this happen?
Specially for your PC was generated personal RSA2048 Key, both public and private.
ALL YOUR FILES were encrypted with the public key, which has been transferred to your PC via the Internet.
Decryptlng of your files is only possible with the help of the private key and decrypt program, which is on our Server
What do I do?
So,there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW and restore your data easy way.
If you have really valuable data, your better not waste your time, because there is no other way to get your files, except payment.
Your personal ID:
Your personal wallet adress:

The ransom note appears like the following when opened:

.MMM Ransomware – How Does It Encrypt Files

The TripleM ransomware scans the computers it has infected for the specific files it wants to encrypt. These are usually files that you use often, such as:

  • Images.
  • Archives.
  • Documents.
  • Audio files.
  • Others

Once the files are encrypted by TripleM ransomware, they start to have the .MMM file extension and begin to appear like the following:

The .MMM files virus is also careful not to encrypt files whose loss would stop the infected computer from working, such as system files belonging to Windows.

How to Remove TripleM Ransomware and Restore .MMM Encrypted Files

The TripleM ransomware, just like most malware, should not be underestimated. This is why, to remove it, we advise you to follow the removal instructions underneath this article. They have been created to help you delete the virus files from this PC either manually or automatically. If manual removal is not something you feel confident in, security experts strongly advise removing TripleM ransomware automatically, preferably by downloading advanced anti-malware software, which can delete the virus files from your computer completely by scanning for them and can also provide real-time protection in the future.

If you are looking for ways to restore the files that have been encrypted by this ransomware infection, we advise you to check the alternative methods for file recovery underneath in step “2.Restore files, encrypted by TripleM Ransomware”. They have been created to help you to restore as many files as possible without having to pay ransom to the cyber-crooks, which is strongly inadvisable, because you cannot trust them with recovering your files and in addition to this you help support cyber-criminal activity by doing so.

To remove TripleM Ransomware follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove TripleM Ransomware files and objects
2. Find files created by TripleM Ransomware on your PC
3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by TripleM Ransomware

Ventsislav Krastev