Remove Mammon Ransomware

SamSam Ransomware

Ransomware attacks continue to be one of the most common strategies that cybercriminals use to 'steal' money from their victims. However, they are not taking the money directly – instead, they sell fake decryption services to victims by promising to help them recover their data in exchange for some Bitcoin. One of the popular ransomware families during the past year has been the Makop Ransomware, and it was recently expanded with the introduction of a new file-locker – the Mammon Ransomware.

The Mammon Ransomware is trying to reach victims through malicious email attachments, fake downloads, pirated content, and other shady files. If a victim ends up launching it on an unprotected device, they may end up losing access to the majority of their data. The Mammon Ransomware is programmed to lock the contents of images, documents, videos, archives, and dozens of other types of files. As soon as it encrypts a file, it adds the suffix '[<VICTIM ID>].[mammon0503@tutanota.com].mammon' to the damaged file.

Just like the original variants of the Makop Ransomware, this one also uses the 'readme-warning.txt' document to shed more light on the attack. As mentioned above, the criminals offer to provide a decryption service in exchange for some Bitcoin. The exact ransom sum is not listed and, instead, the attackers ask to be contacted via one of these emails - ammon0503@tutanota.com, mammon0503@protonmail.com, samsung00700@tutanota.com, pecunia0318@goat.si.

Never agree to co-operate with ransomware creators. Paying them is not an option since it would be easy for them to scam you out of your money. Instead, run an antivirus tool to eliminate the Mammon Ransomware and then try out other data recovery options such as restoring from a backup.

May 13, 2021

Leave a Reply