.Mmpa file virus ransomware

[charliellantino]

I downloaded an application then suddenly when i install it i turns out a virus then my pc got infected all of my files cannot be opened. The file is .mmpa I dont know anything how to fix this i hope someone can help me here. I don't know if i should just reset my pc or maybe there is a way to fix it without reseting or reformating it

[Eigenvektor]

It depends. If you got infected with the newer version, there's probably nothing you can do to get your files back. It is ransomware that uses strong encryption (AES-256 CFB [source]), so there's virtually zero chance of breaking it without getting access to the encryption key. The old version stored the key offline, which is how the security researchers were able to rescue your files. But without access to the key, there's essentially no way to decrypt them.

 

See: https://www.pcrisk.com/removal-guides/19143-mmpa-ransomware

Quote

 

There are currently two versions of Djvu ransomware infections: old and new. The old versions were designed to encrypt data by using a hard-coded "offline key" whenever the infected machine had no internet connection or the server was timing out/not responding. Therefore, some victims were able to decrypt data using a tool developed by cyber security researcher, Michael Gillespie, however, since the encryption mechanism has been slightly changed (hence the new version, released in August, 2019), the decrypter no longer works and it is not supported anymore. If your data has been encrypted by an older version, you might be able to restore it with the another tool developed by Emsisoft and Michael Gillespie.

 

 

[PineyCreek]

https://www.nomoreransom.org/en/decryption-tools.html

 

I'm posting this link as general information...doesn't appear to have a tool for this specific ransomware, but it does have quite a few tools.

[charliellantino]

10 minutes ago, Eigenvektor said:

It depends. If you got infected with the newer version, there's probably nothing you can do to get your files back. It is ransomware that uses strong encryption (AES-256 CFB [source]), so there's virtually zero chance of breaking it without getting access to the encryption key. The old version stored the key offline, which is how the security researchers were able to rescue your files. But without access to the key, there's essentially no way to decrypt them.

 

See: https://www.pcrisk.com/removal-guides/19143-mmpa-ransomware

 

THanks for the info! If i reset my pc will it be back to normal? Sorry i'm noob when it comes to this things

[charliellantino]

Just now, PineyCreek said:

https://www.nomoreransom.org/en/decryption-tools.html

 

I'm posting this link as general information...doesn't appear to have a tool for this specific ransomware, but it does have quite a few tools.

Ok thank you

[Eigenvektor]

1 minute ago, charliellantino said:

THanks for the info! If i reset my pc will it be back to normal? Sorry i'm noob when it comes to this things

If by "reset" you mean wipe the disk and reinstall Windows, then yes, that should fix it.

 

Obviously you are going to lose all your files you haven't backed up somewhere. You should avoid backing up already infected files, because chances are you'll carry over the infection to the new installation.

[charliellantino]

11 minutes ago, Eigenvektor said:

If by "reset" you mean wipe the disk and reinstall Windows, then yes, that should fix it.

 

Obviously you are going to lose all your files you haven't backed up somewhere. You should avoid backing up already infected files, because chances are you'll carry over the infection to the new installation.

Okay thank you again! I appreciate it

[charliellantino]

36 minutes ago, PineyCreek said:

https://www.nomoreransom.org/en/decryption-tools.html

 

I'm posting this link as general information...doesn't appear to have a tool for this specific ransomware, but it does have quite a few tools.

I tried it but after clicking okay it returns to choosing language

[Mark Kaine]

Maybe dumb question but how does this 'ransomware' not get detected by windows defender? Which OP has apparently been using (I assume)