Decrypting .MMPA format files


Some time ago I downloaded some files from a site that contained some kind of virus, which turned all my personal files into the .MMPA format. A file format I have never heard of. I am trying every way I can to decrypt these work files, which I need to build my personal portfolio; I have almost lost hope. Is there a way to decrypt these files and bring them back to their original format?


Hi,

 

My name is Maurice. I will be helping and guiding you, going forward on this case.

I regret to know that you have been victimized by a ransomware.

See these resources about ransomware infections at Bleepingcomputer forum

https://www.bleepingcomputer.com/forums/t/608858/id-ransomware-identify-what-ransomware-encrypted-your-files/

https://www.bleepingcomputer.com/forums/t/671473/stop-ransomware-stop-puma-djvu-promo-drume-support-topic/

 

The ransomware would have self-deleted after doing its dirty deeds.

The ransomware only encrypts certain types of files, like MS Office files and certain image-type files, PDF files, and some others.

There is no known current decrypter tool to recover your files.

 

The best way would be to recover from very recent  ( or even old ) good previously saved Backups.

You can gather a report-list of all MMPA files by using this custom script.

Save the file I have attached with this reply named search-script2.txt   to either the Downloads folder  ( or else to your Desktop ).

search-script2.txt

 

Next, do a right-click on the file and select RENAME

and rename it to search-script2.bat

Next, let's run it.  Right-click on search-script2.bat  and select RUN as Administrator

and reply YES  when prompted by Windows  in order to proceed with the script process.

When all completed, see the text file named ksearch_results.txt   on your DESKTOP.

 

.

The ransom notes can be deleted using the Ransom note cleaner tool. There is a small app to do that named Ransomnote cleaner: http://www.bleepingcomputer.com/download/ransomnotecleaner/

 

.

Malwarebytes for Windows Premium has multiple real-time protections, including anti-ransomware.  It would have stopped this ransomware.

 

For sure, make sure that the Windows System Restore service is ON.

https://www.tenforums.com/tutorials/99782-enable-disable-system-restore-windows.html

 

Also be very sure that Volume Shadow Copy service is ON  ( enabled)

Run MSCONFIG   (  press Windows-key +R key   and type in MSCONFIG)

Scroll through and be sure that Volume Shadow Copy has a check-mark on the right side.

Next,

Press and hold the Windows-flag-key on keyboard and tap the *R* key to get the RUN menu option.

type in

services.msc

and press Enter key. 

Scroll down the list. Check that "Volume Shadow Copy" is listed there, with a Startup type of Manual.

.

Backup is your best friend.  Make regular backups of your system on offline media.  It is best if you would keep 3 generations, with one of those kept outside of your regular location ( perhaps on a cloud location, such as OneDrive or even Google Drive ).

.

I am listing below 3 possible ways to try to see if your files can be recovered.  These are things you can try.  But first, I need to re-emphasize some things.

This is a very new ransomware variant.  There is no known current decrypter tool.

Ransomwares delete themselves after doing their deed.   Malwarebytes has no decrypter for any encrypted file.

Ransomwares also disable System Restore and delete all system restore points.

They also delete volume shadow copies typically.

 

Restoring from backups is the best way to recover files.  Backup is your best friend.

If you have made backups from before the infection, use backup to do restores.

If you have no prior backups, see one of the other ways below.

 

You may try what follows on some of your files with the .mmpa extension to see if Windows "may" have an old copy.   Note none of these can “fix” the encrypted files.

 

Remember that each new file you create or save on your machine may well over-write the space used by an old deleted file.

[ 1 ]

Pick one file.  You can right-click on the file, go into Properties, and select the Previous Versions tab. This tab will list all copies of the file that have been stored in a Shadow Volume Copy and the date they were backed up.

See if yours shows a line entry with some old date prior to the date of infection.

To restore a particular version of the file, simply click on the Copy button and then select the directory you wish to restore the file to.

See if that works for you.   If it works on one file, then try another.

If not, see # 2 & # 3 below;   as well as the summary notes at bottom.

 

[ 2 ]

Try using a program named Shadow Explorer.

Shadow Explorer allows you to browse the Shadow Copies created by the Windows Vista / 7 / 8 / 10 Volume Shadow Copy Service.

See the about page   https://www.shadowexplorer.com/

Download page   https://www.shadowexplorer.com/downloads.html

Here is one how – to  guide ( article ) on Shadow Explorer

https://www.linglom.com/it-support/recover-deleted-files-on-windows-with-shadow-explorer/

 

[ 3 ]

It may be possible to use a file recovery tool like Recuva to recover some files. There is no guarantee it will work.  But worth trying.

Recuva can help in finding older deleted copies of your files.  Note, it cannot “fix” encrypted files.

https://www.ccleaner.com/docs/recuva/using-recuva

 

This link is to a generic  video guide on Youtube   

 

 

This link is a generic written guide  

https://www.howtogeek.com/howto/2216/restore-accidentally-deleted-files-with-recuva/

 

 

Other general comments:

This is a brand new variant of ransomware.  It appears to be a new one of the STOP ransomware.

Keep the .MMPA files as they are.  It is possible that in the future a decrypter may be made available.

 

Lastly:

Please never go to dodgy sites to get apps, games, tools, or other downloads.

Pirate sites often have malware.   Free or nearly free or very low price copies of “stuff” can be bundled with malware.

 

Backup is your best friend always.  Make regular offline backups of your system to offline media.

 

Malwarebytes for Windows Premium has multiple protections.  That includes ransomware protection.

If your pc had had it installed before   ( prior to this incident) ,  it would have stopped this ransomware.

 

You may run a scan with Malwarebytes for Windows to check your machine.

You should also scan your machine with an antivirus, like Windows Defender on Windows 10 or 8.1

Let me know if you need other help.

Sincerely.

 

Edited by Maurice Naggar
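
The read-only checks from the reply above (listing the .MMPA files, confirming the Volume Shadow Copy service, and seeing whether any shadow copies remain), as an added PowerShell example; it is not part of the original thread and is not the attached search-script2 file. The search root, the report file name and the use of the earliest LastWriteTime as an approximate start of encryption are assumptions.

```powershell
# Added example: read-only triage. Nothing here modifies, deletes or decrypts files.
# Assumptions: Windows PowerShell 5.1 in an elevated prompt; the user profile is the search root.
$root   = $env:USERPROFILE                                   # assumed search root
$report = Join-Path ([Environment]::GetFolderPath('Desktop')) 'mmpa_inventory.csv'  # hypothetical report name

# 1. Inventory every file carrying the .mmpa extension.
$files = Get-ChildItem -Path $root -Recurse -File -Filter '*.mmpa' -ErrorAction SilentlyContinue
$files | Select-Object FullName, Length, LastWriteTime |
    Export-Csv -Path $report -NoTypeInformation -Encoding UTF8
"{0} .mmpa files listed in {1}" -f @($files).Count, $report

# Earliest write time among the encrypted files, used below as an
# approximate marker for when the encryption started (assumption).
$firstHit = $files | Sort-Object LastWriteTime |
    Select-Object -First 1 -ExpandProperty LastWriteTime

# 2. Volume Shadow Copy service: should exist and not be Disabled.
Get-Service -Name VSS | Select-Object Name, Status, StartType

# 3. Shadow copies that still exist, flagged if older than the first encrypted file.
$shadows = Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue
if (-not $shadows) {
    "No shadow copies found (or the prompt is not elevated)."
} else {
    $shadows | Sort-Object InstallDate | ForEach-Object {
        [pscustomobject]@{
            Created            = $_.InstallDate
            Volume             = $_.VolumeName
            Device             = $_.DeviceObject
            PredatesEncryption = [bool]($firstHit -and $_.InstallDate -lt $firstHit)
        }
    }
}
```

Only a shadow copy marked PredatesEncryption is worth browsing through Previous Versions or Shadow Explorer; an empty list matches the reply's point that this kind of ransomware typically deletes them.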

I would urge you highly to stay far away from hacked / cracked software of any sort. Whether a so-called free program or free game, or whatever.
Hidden risks in pirated software
https://news.microsoft.com/apac/2019/01/08/hidden-risks-in-pirated-software/

Why You Shouldn't Use Pirated Software
https://www.computer.org/publications/tech-news/trends/why-you-shouldnt-use-pirated-software

Torrenting & file-sharing. Try to not do that, as a general security matter. All it takes is one malicious file to lead to tragedy & loss.
https://informationsecuritybuzz.com/articles/torrenting-know-risks-take/

DON'T FALL FOR THE MONEY-SAVING LURE OF CRACKED SOFTWARE
https://scambusters.org/crackedsoftware.html
