MMM uses its strong encryption method to make the victim's files unusable, targeting user-generated files such as audio, video, photos, and Microsoft Office documents (among many other file types). MMM uses AES encryption to make the files unusable and then the RSA encryption to make the decryption key inaccessible. The files encrypted in MMM attack are easy to identify because MMM will change their file extensions. MMM will add the file extension '.0x009d8a' to all files targeted by the attack.
MMM Ransomware will demand a ransom. The MMM Ransomware does this by delivering a ransom note to the victim's computer. The ransom note is named 'RESTORE_0x009d8a_FILES.html' and is placed on the infected computer's desktop. The MMM Ransomware demands a ransom of 1.2 Bitcoin (approximately 5105 USD or 4347 EUR at the current exchange rate). According to the MMM Ransomware, the victim only has six days to pay the ransom if there is any chance of restoring the affected data. The following is the full text of the MMM Ransomware ransom note:
YOUR UNIQ IDENTIFICATOR: [10 RANDOM CHARCTERS] What happend with my files? All your databases corrupted. All your files has been locked ( encrypted) with Ransomware For encrypting we using strong cryptographic algorithm AES256+RSA-2048 .Do not attempt to recover the files yourself. You might corrupt your files. We also rewrite all old blocks on HDD and you don`t recover your files with Recuva and other... YOU HAVE ONLY 6 DAYS FOR BUY YOUR DECRYPTION TOOL It is not advised to use third party tools to decrypt,if we find them you ,you will forever lose your files. How i can restore my files? Go to BTC exchange services and buy 1,2 Bitcoin 3) Send it to address 151F8ufANwCohXzteZ2mauvHLvkS8WmEFT and write us email to address email@example.com for giving your key and decryption tool. In subject write your Unique ID BTC Guide: Top BTC exchange sites: LocalBitcoins (We recomend), Coinbase, BTC-E, Online wallets: BlockchainInfo, Block.io