
Middleman2020 Ransomware

Posted: June 21, 2019

The Middleman2020 Ransomware is a file-locking Trojan and a variant of the Maoloa Ransomware. The Middleman2020 Ransomware can block media on your computer through encryption and make other system changes, such as removing your Restore Point data. Users can protect their files with appropriate backups and always should have a dedicated anti-malware solution for uninstalling the Middleman2020 Ransomware.

Middlemen Sidling Between You and Your Media

Digital media's newest opponent is a child of a little-seen family that, malware experts can confirm, is still attacking companies in the summer of 2019. The Middleman2020 Ransomware is a variant of the Maoloa Ransomware, which consists of a much smaller group of file-locker Trojan relatives than families like Hidden Tear or the Scarab Ransomware. Its unusual choice of SHACAL-2 encryption makes for a decryption-proof way of taking documents and other files hostage.

The Middleman2020 Ransomware version of the Trojan uses a ransom note that's similar to the Globe Imposter Ransomware's equivalent: a TXT file that gives out e-mail addresses for negotiating and offers a two-file 'free sample' of the unlocker. It only creates this file after blocking the user's digital media, however, through the previously-mentioned encryption algorithm. As with similar threats, victims can anticipate corresponding extension changes to their files' names with the 'middleman2020' string.

Although malware experts are verifying live attacks by the Middleman2020 Ransomware, they have yet to confirm which business sectors are the targets. These infections may be related to opportunity-based exploits, such as brute-forcing a server's login or scanning for sites with vulnerable software. Updating CMS platforms like Drupal and WordPress is a general recommendation for the safety of all servers since most vulnerabilities aren't zero-day (or non-patchable).

Keeping the Man from Getting Your Files Down

Since the first release of the Maoloa Ransomware, additional details on its payloads and development have been showing up in new versions, including the Middleman2020 Ransomware. It may disable database and server utilities like MongoDB and MySQL, erase Windows logs that could serve as evidence, reset your Remote Desktop Protocol settings, and, of course, delete the Shadow Volume Copies. That last function is one that the Middleman2020 Ransomware has in common with most file-locker Trojans and is a means of blocking off convenient backup solutions.
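The payload behaviours listed above (Shadow Volume Copy deletion, event log clearing, stopping MySQL and MongoDB) are the kind of precursor activity a defender can hunt for in process-creation telemetry. The following is an added detection example, not code from the original page or from any analysis of this Trojan; the command-line signatures are assumed, typical ways those actions are performed on Windows (the page does not say which exact commands the Trojan runs), and the log records are constructed test input.

```python
import re
from collections import defaultdict

# Constructed sample process-creation records: (timestamp in seconds, host, command line).
# These are made-up test inputs, not telemetry from a Middleman2020 Ransomware infection.
SAMPLE_EVENTS = [
    (1000, "srv01", "C:\\Windows\\System32\\svchost.exe -k netsvcs"),
    (1010, "srv01", "vssadmin.exe delete shadows /all /quiet"),
    (1012, "srv01", "wevtutil.exe cl Security"),
    (1015, "srv01", "net stop MySQL"),
    (1016, "srv01", "net stop MongoDB"),
    (1020, "srv02", "wevtutil.exe qe Application /c:5"),   # benign log query, no hit
    (5000, "srv02", "net stop MySQL"),                      # single hit, no cluster
]

# Assumed signatures for the behaviours the page describes; each rule is (category, pattern).
RULES = [
    ("shadow_copy_deletion", re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b", re.I)),
    ("shadow_copy_deletion", re.compile(r"\bwmic(\.exe)?\s+shadowcopy\s+delete\b", re.I)),
    ("event_log_clearing", re.compile(r"\bwevtutil(\.exe)?\s+(cl|clear-log)\b", re.I)),
    ("database_service_stop", re.compile(r"\b(net|sc)(\.exe)?\s+stop\s+\"?(mysql|mongodb)\b", re.I)),
]


def classify(cmdline):
    """Return the sorted list of distinct rule categories a command line triggers."""
    return sorted({cat for cat, pat in RULES if pat.search(cmdline)})


def find_precursor_clusters(events, window=300, min_categories=2):
    """Report hosts where at least `min_categories` distinct precursor categories
    fire within `window` seconds of each other. A single hit (e.g. an admin stopping
    MySQL for maintenance) is not reported; a burst of different categories is."""
    hits = defaultdict(list)
    for ts, host, cmd in sorted(events):
        for cat in classify(cmd):
            hits[host].append((ts, cat))
    clusters = {}
    for host, seq in hits.items():
        for ts, _ in seq:
            cats = {c for t, c in seq if ts <= t <= ts + window}
            if len(cats) >= min_categories:
                clusters[host] = sorted(cats)
                break
    return clusters


if __name__ == "__main__":
    for host, cats in find_precursor_clusters(SAMPLE_EVENTS).items():
        print(f"{host}: ransomware-precursor cluster {cats}")
```

Feeding real Sysmon Event ID 1 or Windows Security 4688 command lines into `find_precursor_clusters` in place of the constructed list is the intended use.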

Users should, however, be backing their files up onto other devices for keeping them secure from most file-locking Trojans and other threats. Appropriately complex password use is another habit that can lock the Middleman2020 Ransomware's threat actors out of compromising servers through the usual, brute-forcing methodology. As a last resort, anti-malware programs can delete the Middleman2020 Ransomware and its family members reliably.

The Middleman2020 Ransomware's name may be referencing the American political scene, but file-locking Trojans attack the world all over. Server administrators should remember the ongoing nature of these threats and protect their site's contents correspondingly.
