Cybersecurity researchers are warning about another ransomware variant based on the ZEPPELIN malware family that locks the data on breached computers and extorts the victims for money. Cybersecurity experts track the threat as the Letsgo600 Ransomware, and it is capable of encrypting numerous important file types, such as documents, archives, databases, PDFs, photos and more.
Victims will also notice that their files now have significantly modified names. The Letsgo600 Ransomware renames each file it locks by appending the attackers' Telegram account and a character string generated for the specific victim. The account in question is '@letsgo600.' Afterward, the threat drops its ransom note on the desktop of compromised devices as a text file named '!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT.'
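A read-only sweep for the two file-name indicators described above, as an added example that is not part of the original article: it flags the note file and any file name containing the handle, and reports the earliest modification time among the hits as a rough marker for when encryption began. The substring match, the sample file names and the timestamp heuristic are assumptions, since the article does not give the exact rename format.

```python
import os
import tempfile

# Indicators quoted in the article above.
NOTE_NAME = "!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT"
HANDLE = "@letsgo600"


def scan(root):
    """Sweep root for the note file and for file names carrying the handle."""
    notes, renamed, dirs, earliest = [], [], set(), None
    for dirpath, _subdirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.casefold() == NOTE_NAME.casefold():
                notes.append(path)
            elif HANDLE in name.casefold():
                renamed.append(path)
            else:
                continue
            dirs.add(dirpath)
            try:
                mtime = os.stat(path).st_mtime
            except OSError:
                continue  # unreadable or vanished: keep the name hit only
            earliest = mtime if earliest is None else min(earliest, mtime)
    return {"notes": notes, "renamed": renamed,
            "affected_dirs": sorted(dirs), "earliest_mtime": earliest}


def build_sample_tree(root):
    """Constructed test data: one note, one renamed file, two clean files."""
    samples = {
        ("Desktop", NOTE_NAME): 1_700_000_600,
        # Assumed name layout; the article does not give the exact format.
        ("Documents", "report.docx.@letsgo600.1A2-B3C"): 1_700_000_000,
        ("Documents", "untouched.txt"): 1_600_000_000,
        ("Pictures", "holiday.jpg"): 1_600_000_000,
    }
    for (folder, name), mtime in samples.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        path = os.path.join(root, folder, name)
        with open(path, "w") as handle:
            handle.write("sample")
        os.utime(path, (mtime, mtime))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(scan(tmp))
```

The scan only lists directories and reads file metadata, so it can be run against a mounted forensic image or a file-share snapshot without altering the files.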
Ransom Note's Details
Opening the ransom-demanding message reveals that the cybercriminals behind the Letsgo600 Ransomware want to be paid a ransom of exactly $600. The funds must be in Bitcoin and must be transferred to the provided crypto-wallet address. The note mentions on multiple occasions that victims are expected to establish contact by sending a message to the aforementioned '@letsgo600' Telegram account. Affected users can, apparently, send a single encrypted file that will be unlocked for free. The only listed requirement is that the chosen file must contain only non-important information.
The full text of the ransom note is:
'!! ALL YOUR FILES ARE ENCRYPTED!!!
!!! READ AND QUICKLY PAY $ 600 in Bitcoins !!! = 0.014 btc!!!
After 2 days, the ransom will increase by 2 times!!!
!!!Write to the TELEGRAM MANAGER:MY NICKNAME IS @letsgo600 !!!
Bitcoin address bc1qhs2h04y80vcur0k6kgtdtfdhy26k7uwrdy86rh
All your files, documents, photos, databases and other important files are encrypted.
You are not able to decipher it yourself! The only way to recover files is to purchase a unique private key.
Only we can provide you with this key, and only we can recover your files.
To make sure that we have a decryptor and it works, write to the TELEGRAM MANAGER: MY NICKNAME is @letsgo600 and decrypt one file for free.
But this file doesn't have to be valuable!
Do you really want to recover files?
Write to the TELEGRAM MANAGER:MY NICKNAME IS @letsgo600
Your personal ID:
Do not rename encrypted files.
Do not attempt to decrypt your data using third-party software, this may lead to irretrievable data loss.
Decrypting your files with the help of third parties may lead to an increase in the price (they add their commission to ours) or you may become a victim of scammers.'