TripleM is a ransomware virus that infects computers, locks personal files and then asks for a ransom in order to unlock them. It is a typical ransomware infection, and most of them act the same way. Nonetheless, this virus is very lethal and can cause you a lot of cyber security problems.
If you are suffering from a TripleM infection and would like to get rid of it and retrieve those files, please continue reading this article. We will try to provide you with detailed instructions for TripleM ransomware removal and possible methods for retrieving your encrypted files.
Updated version of MMM Ransomware
As usual, the strongest weapon of ransomware is its encryption mechanism. In this case, TripleM employs RSA-2048 cryptography, which is almost impossible to decrypt.
If you pay attention to the name, it is not difficult to notice that “TripleM” sounds really similar to “MMM ransomware”. That’s no coincidence – reportedly TripleM ransomware is an updated version of MMM ransomware, thus we can expect a lot of similarities between those two.
And that’s not really promising because MMM ransomware was also a lethal infection that caused a lot of problems to infected users.
Distribution of TripleM virus
TripleM ransomware travels as an attachment to spam emails. Usually cyber criminals launch huge spam email campaigns and send well-crafted, misleading letters that encourage the recipient to open the attachment for some reason (they make it sound important). If the user falls for the trick and opens the attachment, the malicious files of the TripleM infection are automatically placed on the computer and there is not much you can do after that, unless your computer is protected with reliable anti-malware software that features real-time protection, which most probably would stop the malicious process before it even begins. In case you want to have such protection on your computer, take a look at our Reviews section where we talk about various anti-malware tools.
Technical Features of TripleM
Technically this virus is very similar to other ransomware infections. Maybe the only unusual thing is that it features two encryption extensions, whilst most other viruses feature just one.
So after successful infiltration into the computer, TripleM will automatically start scanning your hard drive for files it can encrypt. Unfortunately, it is capable of encrypting all sorts of files, so you will probably lose everything you have. Here is a list of file types that can be encrypted by TripleM:
.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, .doc, .epub, .docx, .fb2, .flv, .gif, .gz, .iso, .ibooks, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mht, .mobi, .mhtm, .mkv, .mov, .mp3, .mp4, .mpg, .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt, .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.
We have mentioned that this virus uses two different extensions to lock the files, so it can be either “.triple_m” or “.info”. After successful encryption, one of these extensions will be added to the end of every encrypted file and you won’t be able to open it anymore.
Also, it will create an HTML file called “Restore_Triple_m__Files.html” and place it on your desktop. It contains all the information you need to know about paying the ransom and goes like this:
NOT YOUR LANGUAGE? Use Google Translate
What happened to your files?
All of your files were encrypted by a strong encryption with RSA2048
How did this happen?
Specially for your PC was generated personal RSA2048 Key, both public and private.
ALL YOUR FILES were encrypted with the public key, which has been transferred to your PC via the Internet.
Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our Server
What do I do?
So,there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW and restore your data easy way.
If you have really valuable data, your better not waste your time, because there is no other way to get your files, except payment.
Your personal ID: dd1omrbj.01p
Your personal wallet adress: 35iCvpMMnUWcSWrYtLJLXqe9xo5CYEWRhw
Your price start from 0,25 BTC , after week he is 0,5 BTC , after 3 week he is 1 BTC. After 4 week your secret key has been deleted.
1)Buy Bitcoin on btc exchange sites (Coinbase,Localbitcoins, Coinmama and another).For buy Bitcoin you need confirm your Identify.
2)send Bitcoins to 35iCvpMMnUWcSWrYtLJLXqe9xo5CYEWRhw
3)Write us to email [email protected]
4)After we confirm payment – we send you decryption software and Private Key for decrypt your files.
The cyber criminals generate and assign a unique ID, which is used to categorise encrypted computers. If you do pay the ransom, they should track your ID and generate a decryption key that could unlock your files. However, it is not clear whether the crooks behind TripleM ransomware are willing to do so, thus you can get scammed.
They want you to pay 0,25 Bitcoins and that’s around $4000 at the moment. That’s a lot of money, plus there are no guarantees that your files will be decrypted after that, so it’s not really wise to actually pay the ransom.
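To see how far the encryption has spread before restoring from a backup, you can inventory files by the two appended extensions and the ransom note name described above. The script below is an added example, not part of the original article or any vendor tool; the function names, the shortened list of targeted extensions and the sample file tree are constructed for illustration. Because “.info” is also used by legitimate files, it is only counted as encrypted when it follows one of the targeted extensions.

```python
import tempfile
from pathlib import Path

# Indicators taken from the article text above.
RANSOM_NOTE = "Restore_Triple_m__Files.html"
APPENDED_EXTS = (".triple_m", ".info")
# Constructed subset of the targeted file types the article lists.
TARGETED = {".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".png",
            ".txt", ".zip", ".sql", ".db", ".psd", ".py", ".cpp"}


def classify(name: str) -> str:
    """Return 'note', 'encrypted', 'review' or 'clean' for one file name."""
    if name.lower() == RANSOM_NOTE.lower():
        return "note"
    p = Path(name.lower())
    if p.suffix not in APPENDED_EXTS:
        return "clean"
    inner = Path(p.stem).suffix  # extension in front of the appended one
    if p.suffix == ".triple_m" or inner in TARGETED:
        return "encrypted"
    # A bare ".info" file is common on healthy systems: manual review only.
    return "review"


def scan(root: str) -> dict:
    """Walk root and group relative paths by classification."""
    hits = {"note": [], "encrypted": [], "review": []}
    for path in Path(root).rglob("*"):
        if path.is_file():
            kind = classify(path.name)
            if kind != "clean":
                hits[kind].append(path.relative_to(root).as_posix())
    return {k: sorted(v) for k, v in hits.items()}


def demo() -> dict:
    """Build a constructed sample tree (no real malware files) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel in ("Desktop/Restore_Triple_m__Files.html", "Docs/report.docx.triple_m",
                    "Docs/budget.xlsx.info", "Docs/package.info", "Docs/notes.txt"):
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(b"constructed sample")
        return scan(tmp)


if __name__ == "__main__":
    print(demo())
```

Point scan() at a user profile or a mounted copy of the disk; the "encrypted" list tells you which files need to come back from backup.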
Removal of TripleM
Instead of paying those crooks money, you should look for other alternatives. First of all, get rid of the virus itself. You can do that by scanning your computer with Spyhunter. Either one of those tools should be able to detect and remove malicious files of TripleM automatically.
Sadly, removing the virus won’t unlock your files, so you can try to restore them from a backup. If you have a backup copy of your hard drive, follow our system restore guide and return your system to its normal state.