Contents
MME ransomware is a malicious file-encrypting computer virus that is designed to extort users. After being launched on a computer, it encrypts all data stored on it and marks each affected file with an additional .MME extension. To illustrate, file originally named 1.jpg will be renamed to 1.jpg.MME, example.txt becomes example.txt.MME and so on. The virus also drops a ransom note named Read_Me.txt which contains a message from the cybercriminals behind this malware.
The Read_Me.txt note dropped by this ransomware suggests that all files stored on victim’s computer, such as documents, photos, databases and other important data was encrypted. Furthermore, the ransom note contains repetitious claims that the only method to decrypt .MME files lies in hands of the cybercriminals, and that the victim should contact them in case one wants the data back.
The way operators of this ransomware suggest contacting them differs from other ransomware strains. There are no contact email addresses provided in the message. Instead, the ransom note suggest visiting a dark web website which can be accessed only via TOR browser. After installing this web browser, the victim is instructed to visit a specified website.
The TOR website provided by the cybercriminals suggest opening a “support ticket” rather than live chat with them. The victim can provide name, email address, subject line and message to the criminals. The crooks warn that they might not respond that quickly and advise waiting several hours for a reply. The ransom note also contains an alternative communication channel, yet another website that can be used to send “support ticket,” although this one can be accessed via regular web browsers.
When contacted, the criminals suggest uploading one encrypted file to them and respond with a decrypted version of it. In addition, they specify that the MME decryption tool costs $500 and this amount should be paid in Bitcoin.
Operators of this ransomware use data encryption technologies to prevent computer user’s access to his/hers own files; in order to decrypt encrypted data, the user must have access to private decryption key, which, in this case, is held by cybercriminals. Currently, it is unknown how robust is this ransomware and whether its modus operandi can be reversed so that victims could restore their data without data backups. One way or another, we’d like to recommend you to avoid listening to scammers’ demands and NOT PAY THE RANSOM. It doesn’t guarantee data recovery, no matter what the crooks tell you.
If you have fallen victim to this malware, the most important thing to do now is to remove MME ransomware virus remains from the system and check whether more malware was dropped during the attack. To identify malicious threats automatically, we recommend using a robust AV software. Our team’s top pick is INTEGO Antivirus. You can read its full review here. In case of malware attack, we also recommend using a convenient tool for repairing virus damage on Windows OS files. You can download it safely from there – RESTORO.
Name | MME Ransomware Virus |
Type | Ransomware; Crypto-malware; Virtual Extortion Virus |
Family | Possible ties with GlobeImposter ransomware group |
Extension | .MME |
Contact ways | TOR website |
Damage | The ransomware encrypts all files on victim’s computer, marks them with new extensions, drops Read_Me.txt ransom note and advises to contact the operators of this malware via “support ticket.” The ransomware operators try to extort the victim and force one to pay a ransom for data decryption software. |
Ransom note | Read_Me.txt |
Ransom demand | $500 in Bitcoin |
Distribution | Pirated software version downloads, malicious email attachments, fake software updates |
Detection names | Ransom:MSIL/MmeCrypt.PA!MTB (Microsoft Security), Win32:DangerousSig [Trj] (Avast), Trojan.Generic.30523672 (B) (Emsisoft), Mal/Generic-R + Troj/DwnLd-QP (Sophos), Trojan.Downloader (Malwarebytes), HEUR/AGEN.1145603 (Avira) see all detection name variations on VirusTotal |
Removal | Remove ransomware and related malware from your PC using professional software of your choice. We highly recommend using INTEGO Antivirus. To repair virus damage on Windows OS files, consider scanning with RESTORO. |
REMOVE MALWARE & REPAIR VIRUS DAMAGE
1 Step. Get robust antivirus to remove existing threats and enable real-time protection
INTEGO Antivirus for Windows provides robust real-time protection, Web Shield against phishing and deceptive websites, blocks malicious downloads and blocks Zero-Day threats. Use it to remove ransomware and other viruses from your computer professionally.
2 Step. Repair Virus Damage on Windows Operating System Files
Download RESTORO to scan your system for FREE and detect security, hardware and stability issues. You can use the scan results and try to remove threats manually, or you can choose to get the full version of software to fix detected issues and repair virus damage to Windows OS system files automatically.
Screenshot of files encrypted by MME ransomware virus:
Ransom note (Read_Me.txt) contents are displayed below.
Screenshot of TOR website and the response from cybercriminals who offer test decryption on one file and price of the full decryption:
Screenshot of the alternative domain associated with the same ransomware:
Ransomware-type computer viruses are mostly distributed via email (in a form of malicious attachments), along pirated software versions, fake software update tools, software or operating system cracking tools and sometimes fake data decryption tools. Users compromise their computers after opening a malicious file, which can come in a form of executable, document or script.
Our advice for computer users is to avoid opening email attachments sent from someone you do not know or didn’t expect to contact you. Especially avoid opening email attachments or inserted links if the email exclusively insists and urges you to do so as soon as possible. If you can notice this urgent tone, it is likely that the attached file contains malware. Moreover, it can be hard to identify that the email sender’s intentions are malignant, especially when the cybercriminals design the email to appear legitimate – spoof their sender’s address, insert logos of well-known companies and claim to be delivering an important invoice, order summary or parcel tracking details. You should also look out for details such as unfamiliar greeting line or typo mistakes.
Downloading pirated software versions can also severely damage your computer. Most of the time, these downloads do not even contain the promised software at all – these download links online are only used as clickbait to trick you into downloading malware. For this reason, we’d like to advise you to only look for software on confirmed and official sources online rather than shady torrent libraries online.
To avoid getting your computer infected, we’d also like to mention to stay away from aggressive pop-up or new tab ads that might appear during your web browsing sessions. Some of these ads are designed to deceptively claim that your computer is infected and needs to be checked immediately; others suggest installing a popular software update, for example, for Java. However, you should never click on these ads or download anything from them. If you need to update specific software, you need to head to its developer’s website and check for updates there. Fake software installers are a well-known source of malware.
Finally, we strongly recommend to protect your computer with a robust antivirus software at all times. Make sure to choose one that provides real-time protection feature, which means that the software will monitor websites you enter and files you download and scan them in real-time to warn you before you decide to open them.
Users who have fallen victim to a ransomware attack are advised to boot their computers in Safe Mode with Networking (as explained in the tutorial below) and scan their computers with an up-to-date antivirus software to remove MME ransomware virus and related threats automatically. We do not recommend trying to delete malicious components manually because the list of dropped files, Windows Registry modifications and other components left by the malware is very lengthy. To automatically eradicate the threat from your Windows PC, we recommend using INTEGO Antivirus. Afterward, it is a good idea to download RESTORO and use it to repair virus damage on Windows OS files.
You can find a full MME virus removal tutorial down below. You can recover your files from data backups if you had any created prior to the ransomware attack. At this time, there are no known tools for data decryption available for this specific malware variant.
OUR GEEKS RECOMMEND
Our team recommends a two-step rescue plan to remove ransomware and other remaining malware from your computer, plus repair caused virus damage to the system:
GeeksAdvice.com editors select recommended products based on their effectiveness. We may earn a commission from affiliate links, at no additional cost to you. Learn more.
MME Ransomware Virus Removal Guidelines
Before you try to remove the virus, you must start your computer in Safe Mode with Networking. Below, we provide the easiest ways to boot PC in the said mode, but you can find additional ones in this in-depth tutorial on our website – How to Start Windows in Safe Mode. Also, see a video tutorial on how to do it:
Instructions for Windows XP/Vista/7 users
Instructions for Windows 8/8.1/10 users
Now, you can search for and remove MME Ransomware Virus files. It is very hard to identify files and registry keys that belong to the ransomware virus, Besides, malware creators tend to rename and change them repeatedly. Therefore, the easiest way to uninstall such type of a computer virus is to use a reliable malware removal program. In addition, we suggest trying a combination of INTEGO antivirus (removes malware and protects your PC in real-time) and RESTORO (repairs virus damage to Windows OS files).
REMOVE MALWARE & REPAIR VIRUS DAMAGE
1 Step. Get robust antivirus to remove existing threats and enable real-time protection
INTEGO Antivirus for Windows provides robust real-time protection, Web Shield against phishing and deceptive websites, blocks malicious downloads and blocks Zero-Day threats. Use it to remove ransomware and other viruses from your computer professionally.
2 Step. Repair Virus Damage on Windows Operating System Files
Download RESTORO to scan your system for FREE and detect security, hardware and stability issues. You can use the scan results and try to remove threats manually, or you can choose to get the full version of software to fix detected issues and repair virus damage to Windows OS system files automatically.
In order to use System Restore, you must have a system restore point, created either manually or automatically.
Instructions for Windows XP/Vista/7 users
Instructions for Windows 8/8.1/10 users
After restoring the system, we recommend scanning the system with antivirus or anti-malware software. In most cases, there won't be any malware remains, but it never hurts to double-check. In addition, we highly recommend checking ransomware prevention guidelines provided by our experts in order to protect your PC against similar viruses in the future.
Malwarebytes Anti-Malware
Removing spyware and malware is one step towards cybersecurity. To protect yourself against ever-evolving threats, we strongly recommend purchasing a Premium version of Malwarebytes Anti-Malware, which provides security based on artificial intelligence and machine learning. Includes ransomware protection. See pricing options and protect yourself now.
System Mechanic Ultimate Defense
If you're looking for an all-in-one system maintenance suite that has 7 core components providing powerful real-time protection, on-demand malware removal, system optimization, data recovery, password manager, online privacy protection and secure driver wiping technology. Therefore, due to its wide-range of capabilities, System Mechanic Ultimate Defense deserves Geek's Advice approval. Get it now for 50% off. You may also be interested in its full review.
Disclaimer. This site includes affiliate links. We may earn a small commission by recommending certain products, at no additional cost for you. We only choose quality software and services to recommend.
Norbert Webb is the head of Geek’s Advice team. He is the chief editor of the website who controls the quality of content published. The man also loves reading cybersecurity news, testing new software and sharing his insights on them. Norbert says that following his passion for information technology was one of the best decisions he has ever made. “I don’t feel like working while I’m doing something I love.” However, the geek has other interests, such as snowboarding and traveling.
Private Internet Access (PIA) VPN maintains its long-term role as a leader Private Internet Access…
XCBG ransomware aims to lock your files and demand a ransom XCBG ransomware is a…
BPQD ransomware encrypts all computer files, demands a ransom from the user BPQD ransomware is…
KQGS ransomware is a hostile computer virus designed to encrypt all of your files KQGS…
VTYM ransomware description: a virtual menace to your files stored on the computer VTYM ransomware…
FOPA ransomware is a new threatening computer virus that encrypts your files FOPA ransomware virus…
This website uses cookies.