Geek's Advice

MME ransomware activity increases in 2022

MME ransomware is a malicious file-encrypting computer virus that is designed to extort users. After being launched on a computer, it encrypts all data stored on it and marks each affected file with an additional .MME extension. To illustrate, file originally named 1.jpg will be renamed to 1.jpg.MME, example.txt becomes example.txt.MME and so on. The virus also drops a ransom note named Read_Me.txt which contains a message from the cybercriminals behind this malware.

The Read_Me.txt note dropped by this ransomware suggests that all files stored on victim’s computer, such as documents, photos, databases and other important data was encrypted. Furthermore, the ransom note contains repetitious claims that the only method to decrypt .MME files lies in hands of the cybercriminals, and that the victim should contact them in case one wants the data back.

The way operators of this ransomware suggest contacting them differs from other ransomware strains. There are no contact email addresses provided in the message. Instead, the ransom note suggest visiting a dark web website which can be accessed only via TOR browser. After installing this web browser, the victim is instructed to visit a specified website.

The TOR website provided by the cybercriminals suggest opening a “support ticket” rather than live chat with them. The victim can provide name, email address, subject line and message to the criminals. The crooks warn that they might not respond that quickly and advise waiting several hours for a reply. The ransom note also contains an alternative communication channel, yet another website that can be used to send “support ticket,” although this one can be accessed via regular web browsers.

When contacted, the criminals suggest uploading one encrypted file to them and respond with a decrypted version of it. In addition, they specify that the MME decryption tool costs $500 and this amount should be paid in Bitcoin.

Operators of this ransomware use data encryption technologies to prevent computer user’s access to his/hers own files; in order to decrypt encrypted data, the user must have access to private decryption key, which, in this case, is held by cybercriminals. Currently, it is unknown how robust is this ransomware and whether its modus operandi can be reversed so that victims could restore their data without data backups. One way or another, we’d like to recommend you to avoid listening to scammers’ demands and NOT PAY THE RANSOM. It doesn’t guarantee data recovery, no matter what the crooks tell you.

If you have fallen victim to this malware, the most important thing to do now is to remove MME ransomware virus remains from the system and check whether more malware was dropped during the attack. To identify malicious threats automatically, we recommend using a robust AV software. Our team’s top pick is INTEGO Antivirus. You can read its full review here. In case of malware attack, we also recommend using a convenient tool for repairing virus damage on Windows OS files. You can download it safely from there – RESTORO.

Ransomware Summary

REMOVE MALWARE & REPAIR VIRUS DAMAGE

Screenshot of files encrypted by MME ransomware virus:

Ransom note (Read_Me.txt) contents are displayed below.

Screenshot of TOR website and the response from cybercriminals who offer test decryption on one file and price of the full decryption:

Screenshot of the alternative domain associated with the same ransomware:

Ransomware distribution methods and ways to avoid getting infected

Ransomware-type computer viruses are mostly distributed via email (in a form of malicious attachments), along pirated software versions, fake software update tools, software or operating system cracking tools and sometimes fake data decryption tools. Users compromise their computers after opening a malicious file, which can come in a form of executable, document or script.

Our advice for computer users is to avoid opening email attachments sent from someone you do not know or didn’t expect to contact you. Especially avoid opening email attachments or inserted links if the email exclusively insists and urges you to do so as soon as possible. If you can notice this urgent tone, it is likely that the attached file contains malware. Moreover, it can be hard to identify that the email sender’s intentions are malignant, especially when the cybercriminals design the email to appear legitimate – spoof their sender’s address, insert logos of well-known companies and claim to be delivering an important invoice, order summary or parcel tracking details. You should also look out for details such as unfamiliar greeting line or typo mistakes.

Downloading pirated software versions can also severely damage your computer. Most of the time, these downloads do not even contain the promised software at all – these download links online are only used as clickbait to trick you into downloading malware. For this reason, we’d like to advise you to only look for software on confirmed and official sources online rather than shady torrent libraries online.

To avoid getting your computer infected, we’d also like to mention to stay away from aggressive pop-up or new tab ads that might appear during your web browsing sessions. Some of these ads are designed to deceptively claim that your computer is infected and needs to be checked immediately; others suggest installing a popular software update, for example, for Java. However, you should never click on these ads or download anything from them. If you need to update specific software, you need to head to its developer’s website and check for updates there. Fake software installers are a well-known source of malware.

Finally, we strongly recommend to protect your computer with a robust antivirus software at all times. Make sure to choose one that provides real-time protection feature, which means that the software will monitor websites you enter and files you download and scan them in real-time to warn you before you decide to open them.

Remove MME Ransomware Virus and Protect Your Computer

Users who have fallen victim to a ransomware attack are advised to boot their computers in Safe Mode with Networking (as explained in the tutorial below) and scan their computers with an up-to-date antivirus software to remove MME ransomware virus and related threats automatically. We do not recommend trying to delete malicious components manually because the list of dropped files, Windows Registry modifications and other components left by the malware is very lengthy. To automatically eradicate the threat from your Windows PC, we recommend using INTEGO Antivirus. Afterward, it is a good idea to download RESTORO and use it to repair virus damage on Windows OS files.

You can find a full MME virus removal tutorial down below. You can recover your files from data backups if you had any created prior to the ransomware attack. At this time, there are no known tools for data decryption available for this specific malware variant.

OUR GEEKS RECOMMEND

Our team recommends a two-step rescue plan to remove ransomware and other remaining malware from your computer, plus repair caused virus damage to the system:

STEP 1. REMOVE AUTOMATICALLY WITH ROBUST ANTIVIRUS

REMOVE & PROTECT WITH INTEGO

Get INTEGO ANTIVIRUS for Windows to remove ransomware, Trojans, adware and other spyware and malware variants and protect your PC and network drives 24/7.. This VB100-certified security software uses state-of-art technology to provide protection against ransomware, Zero-Day attacks and advanced threats, Intego Web Shield blocks dangerous websites, phishing attacks, malicious downloads and installation of potentially unwanted programs.

Use INTEGO Antivirus to remove detected threats from your computer.

Read full review here.

STEP 2. REPAIR VIRUS DAMAGE TO YOUR COMPUTER

DOWNLOAD RESTORO

RESTORO provides a free scan that helps to identify hardware, security and stability issues and presents a comprehensive report which can help you to locate and fix detected issues manually. It is a great PC repair software to use after you remove malware with professional antivirus. The full version of software will fix detected issues and repair virus damage caused to your Windows OS files automatically.

RESTORO uses AVIRA scanning engine to detect existing spyware and malware. If any are found, the software will eliminate them.

Read full review here.

GeeksAdvice.com editors select recommended products based on their effectiveness. We may earn a commission from affiliate links, at no additional cost to you. Learn more.

Alternative software recommendations

Malwarebytes Anti-Malware

Removing spyware and malware is one step towards cybersecurity. To protect yourself against ever-evolving threats, we strongly recommend purchasing a Premium version of Malwarebytes Anti-Malware, which provides security based on artificial intelligence and machine learning. Includes ransomware protection. See pricing options and protect yourself now.

System Mechanic Ultimate Defense

If you're looking for an all-in-one system maintenance suite that has 7 core components providing powerful real-time protection, on-demand malware removal, system optimization, data recovery, password manager, online privacy protection and secure driver wiping technology. Therefore, due to its wide-range of capabilities, System Mechanic Ultimate Defense deserves Geek's Advice approval. Get it now for 50% off. You may also be interested in its full review.

Disclaimer. This site includes affiliate links. We may earn a small commission by recommending certain products, at no additional cost for you. We only choose quality software and services to recommend.

Norbert Webb

Norbert Webb is the head of Geek’s Advice team. He is the chief editor of the website who controls the quality of content published. The man also loves reading cybersecurity news, testing new software and sharing his insights on them. Norbert says that following his passion for information technology was one of the best decisions he has ever made. “I don’t feel like working while I’m doing something I love.” However, the geek has other interests, such as snowboarding and traveling.