520 Ransomware

A new threat named 520 Ransomware has been discovered by infosec researchers. So far, the 520 Ransomware has not been classified as being a variant from any of the already established ransomware families indicating that it could be a more unique threat. Even if that is the case, it still operates as typical ransomware aiming to infect the targeted computers and then locking the data stored there with a strong encryption algorithm. All affected files will have '.520' appended to their names as a new file extension. Instructions for the victims will be provided as a ransom note dropped on the system inside a text file named '!_INFO.txt' file.

Ransom Note’s Overview

The ransom-demanding message reveals that victims will have to pay an unspecified ransom to the attackers to receive a supposed software decryption tool. Additional details about the payment will be provided after establishing contact via the two email addresses found in the note - '520hard@mail.ee' and '520hard@cock.li.' The messages must include the specific ID string assigned to the victim. Victims also can attach up to 2 locked files to their initial email. The hackers promise to decrypt the files for free. The only requirements are that the files must be either pictures or text files, and they should not exceed 1MB in size.

The 520 Ransomware full note is:

‘WARNING! YOUR FILES ARE ENCRYPTED!

Don't worry, your files are safe, provided that you are willing to pay the ransom.

Any forced shutdown or attempts to restore your files with the thrid-party software will be damage your files permanently.

The only way to decrypt your files safely is to buy the special decryption software from us.

Before paying you can send us up to 2 files for free decryption as guarantee.

Send pictures, text files. (files no more than 1mb)

You can contact us with the following email

520hard@mail.ee

520hard@cock.li

Send us this ID or this file in first email

ID:’