What is MMM ransomware? And how does it execute its attack?

MMM ransomware, also referred to as “TripleM” ransomware, is a crypto-malware with a primary purpose of locking important data in an infected computer in exchange for a ransom. This ransomware uses the .MMM, .triple_m, and .info file extensions in marking the files it encrypts. During the infiltration, MMM ransomware will drop its malicious payload in different system folders so it can repress Windows processes and achieve persistence on the infected PC. After it drops these malicious files, it will scan for certain files to encrypt such as .exe, .htm, .vbs, .dll, and .tmp. MMM ransomware uses a combination of AES, RSA and HMAC ciphers in locking files. And to complete is a goal, it will modify the Windows Registry so it can get its malicious files to run every time Windows is started. This happens by adding registry strings in the following sub-keys for autorun:

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

In addition, MMM ransomware also drops a file named “GET_YOUR_FILES_BACK.html” which contains the following message:
“NOT YOUR LANGUAGE? Use Google Translate
What happened to your files?
All of your files were encrypted by a strong encryption with RSA2048
How did this happen?
Especially for your PC was generated personal RSA2048 Key, both public and private.
ALL YOUR FILES were encrypted with the public key, which has been transferred to your PC via the Internet.
Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our Server
What do I do?
So, there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW and restore your data easy way.
If you have really valuable data, your better not waste your time, because there is no other way to get your files, except payment.
Your personal ID:
Your personal wallet address:”
If you are one of the users who has fallen victim to MMM ransomware, paying the ransom must be out of your options as it can’t actually guarantee the full recovery of your encrypted files. To deal with this kind of threat, you have to eliminate it first from your system before it can encrypt more files. Once you have it eliminated, that’s when you try other alternative options to recover your encrypted files.
How does MMM ransomware proliferate?
At the time of writing, it isn’t clear how MMM ransomware proliferates yet. However, it might use the most common distribution method of ransomware threats which is via malicious spam email campaigns where crooks attached an infected attachment to the emails and trick you into downloading them. This infected attachment may be a document with macro scripts used to launch MMM ransomware into your computer.
Use the removal guide prepared below in terminating MMM ransomware from your computer.
Step 1: Open Windows Task Manager by pressing Ctrl + Shift + Esc at the same time.
Step 2: Go to both the Application and Processes tabs and look for any suspicious applications and processes affiliated to MMM ransomware and then kill them.

Step 3: Open Control Panel by pressing the Windows key + R, then type in appwiz.cpl and then click OK or press Enter.

Step 4: Look for MMM ransomware or any suspicious program and then uninstall it/them.

Step 5: Hold down Windows + E keys simultaneously to open File Explorer.
Step 6: Navigate to the following directories:

  • %USERPROFILE%\Desktop
  • %USERPROFILE%\AppData\Local\Temp
  • %USERPROFILE%\downloads
  • %TEMP%

Step 7: Look for the malicious files created by the ransomware like the malicious macro-enabled document you’ve downloaded recently as well as the files named “GET_YOUR_FILES_BACK.html” and “RESTORE_triple_m_FILES.html” then delete them all and then close the File Explorer.
Before you proceed to the next steps below, make sure that you are tech savvy enough to the point where you know exactly how to use and navigate your computer’s Registry. Keep in mind that any changes you make will highly impact your computer. To save you the trouble and time, you can just use an efficient program like [product-name], this system tool is proven to be safe and excellent enough that hackers won’t be able to hack into it. But if you can manage Windows Registry well, then, by all means, go on to the next steps.
Step 8: Tap Win + R to open Run and then type in regedit in the field and tap enter to pull up Windows Registry.

Step 9: Navigate to the following registry paths:

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Step 10: Under the paths listed above, look for registry values created by MMM ransomware and delete it.
Step 11: Close the Registry Editor
Step 12: Empty all the contents of Recycle Bin.
Try to recover your encrypted files using the Shadow Volume copies
Restoring your encrypted files using Windows’ Previous Versions feature will only be effective if MMM ransomware hasn’t deleted the shadow copies of your files. But still, this is one of the best and free methods there is, so it’s definitely worth a shot.
To restore the encrypted file, right-click on it and select Properties, a new window will pop-up, then proceed to Previous Versions. It will load the file’s previous version before it was modified. After it loads, select any of the previous versions displayed on the list like the one in the illustration below. And then click the Restore button.

After you’ve covered the steps provided above, you need to continue the removal process of MMM ransomware with the help of a reliable program like [product-name]. How? Follow the advanced removal steps below.
Perform a full system scan using [product-code]. To do so, follow these steps:

  1. Turn on your computer. If it’s already on, you have to reboot
  2. After that, the BIOS screen will be displayed, but if Windows pops up instead, reboot your computer and try again. Once you’re on the BIOS screen, repeat pressing F8, by doing so the Advanced Option shows up.

  1. To navigate the Advanced Option use the arrow keys and select Safe Mode with Networking then hit
  2. Windows will now load the SafeMode with Networking.
  3. Press and hold both R key and Windows key.

  1. If done correctly, the Windows Run Box will show up.
  2. Type in the URL address, [product-url] in the Run dialog box and then tap Enter or click OK.
  3. After that, it will download the program. Wait for the download to finish and then open the launcher to install the program.
  4. Once the installation process is completed, run [product-code] to perform a full system scan.

  1. After the scan is completed click the “Fix, Clean & Optimize Nowbutton.
logo main menu

Copyright © 2023, FixMyPcFree. All Rights Reserved Trademarks: Microsoft Windows logos are registered trademarks of Microsoft. Disclaimer: FixMyPcFree.com is not affiliated with Microsoft, nor claim direct affiliation. The information on this page is provided for information purposes only.

DMCA.com Protection Status

Log in with your credentials

Forgot your details?