Hmmmmm ransomware is file-encrypting malware that belongs to the VoidCrypt ransomware family. The ransomware can be identified by the .hmmmmm extension added to encrypted files. Shows a !INFO.HTA ransom note, which explains how users can recover files.
Hmmmmm ransomware is malware that encrypts files. It’s part of the VoidCrypt ransomware family, same as .help ransomware. Because it encrypts files and their recovery is not always possible, ransomware is considered to be a dangerous computer infection. Users will be unable to open any encrypted files unless they are first decrypted. However, to decrypt them, users will need a special decryptor. The cyber crooks behind this ransomware will try to sell the decryptor to users. The ransom note !INFO.HTA dropped by the ransomware will explain how that can be done. However, paying the ransom is considered to be risky because file decryption is not guaranteed. Users may pay but not receive a decryptor as cyber crooks operating ransomware are not obligated to help users. Victims not receiving a decryptor has happened countless times in the past, so users should be aware that it’s risky.
Unfortunately for users who have not backed up files, file recovery may not be possible at this moment. Malware researchers do release free decryptors when possible but one for Hmmmmm ransomware is not currently available. This may change in the future so users should back up encrypted files and wait for a decryptor to be released. If it was released, it would likely appear on NoMoreRansom. Users should be careful with unknown websites promoting supposed decryptors because they could be potentially malicious.
If users do have backup, they can start file recovery as soon as they remove Hmmmmm ransomware. Connecting to backup while ransomware is still present on the computer would lead to files in backup becoming encrypted as well.
How does ransomware infect a computer
Most ransomware use more or less the same distribution methods. Users who have bad browsing habits have a much higher chance of infecting their computers with malware. Developing better browsing habits can prevent a lot of malware infections.
One of the most common ways users pick up ransomware is by opening unsolicited email attachments. Malware operators launch spam email campaigns using email addresses bought from hacker forums. All users need to do to infect their computers with malware is open the attached malicious file. Fortunately for users, the malicious emails are often quite obvious. The first sign is the sender claiming to be from some known company but the email address being completely random. If the email address looks random, users can immediately disregard it as spam. But perhaps the most obvious sign of a malicious email is grammar and spelling mistakes, as malspam is often full of them. The emails also pressure users into opening email attachments. As a precaution, users should always scan email attachments with anti-virus software or VirusTotal before opening them.
Another common way malware enters a computers is torrents. While users are well aware that malware can often be found in torrents for popular movies, TV series, games and software, they still continue to pirate. Torrent sites are notoriously unregulated, which allows malicious actors to easily put malware in torrents. If users want to avoid their files becoming encrypted, pirating via torrents is not a good idea.
What does the ransomware do?
When ransomware enters a computer, it will start encrypting files. It targets files that are usually the most important to users, including documents, photos and videos. Users will be able to identify the ransomware by the .[ASer51a0@mailfence.com][unique ID].hmmmmm extension added to encrypted files. For example, image.jpg would become image.jpg.[ASer51a0@mailfence.com][unique ID].hmmmmm. Files with that extension will be unopenable. Once it’s done encrypting files, it will show a ransom note !INFO.HTA. The note explains that files have been encrypted and that sending an email to ASer51a0@mailfence.com is necessary to initiate the file recovery process. While the decryptor price is not mentioned in the ransom note, the note does warn that the price will double if users don’t make contact within 48 hours. But as we said above, paying is a very risky option.
Not only can the cyber crooks behind this ransomware choose not to send the decryptor, paying also encourages cyber crooks to continue their malicious activities. As long as users continue to pay the ransom, ransomware will be a problem.
Here is the ransom note dropped by this ransomware:
!!! Your Files Has Been Encrypted !!! your files has been locked with highest secure cryptography algorithm
there is no way to decrypt your files without paying and buying Decryption tool
but after 48 hour decryption price will be double
you can send some little files for decryption test
test file should not contain valuable data
after payment you will get decryption tool ( payment Should be with Bitcoin)
so if you want your files dont be shy feel free to contact us and do an agreement on price
!!! or Delete you files if you dont need them !!!
Your ID :
our Email :ASer51a0@mailfence.com
In Case Of No Answer :Windows358@protonmail.com
Hmmmmm ransomware removal
It’s strongly recommend to use anti-virus software to delete Hmmmmm ransomware. This will ensure that the ransomware is fully gone. Also, since ransomware is a complex malware infection, it’s not recommended to try to remove Hmmmmm ransomware manually. Once the ransomware is gone, users can access backup to start recovering their files.
Hmmmmm ransomware is detected as:
- Win32:RansomX-gen [Ransom] by Avast/AVG
- DeepScan:Generic.Ransom.AmnesiaE.FA2D by BitDefender
- DeepScan:Generic.Ransom.AmnesiaE.FA2DE12F by Emsisoft
- A Variant Of Win32/Filecoder.Ouroboros.E by ESET
- HEUR:Trojan-Ransom.Win32.Generic by Kaspersky
- ML.Attribute.HighConfidence by Symantec
- Ransom:Win32/Spade.DB!MTB by Microsoft
- GenericRXMJ-AK!FD051C28D517 by McAfee
- Ransom.VoidCrypt by Malwarebytes