A new ransomware threat was recently spotted – the Middleman2020 Ransomware. Upon further investigation, cybersecurity experts concluded that the Middleman2020 Ransomware might be a variant of the Maoloa Ransomware.
Malware researchers have been unable to confirm the exact infection vectors used to spread the Middleman2020 Ransomware. There has been speculation that this threat is propagated through fraudulent application updates, infected pirated software and, likely, mass spam email campaigns.
Once the Middleman2020 Ransomware gains access to a system, it performs a quick scan to locate the files it will encrypt. Then the encryption process begins. Each file that the Middleman2020 Ransomware encrypts is renamed: the threat appends a ‘.middleman2020’ extension to the end of the filename. A file previously called ‘black-pigeon.png’ will therefore be named ‘black-pigeon.png.middleman2020’ when the encryption process is over.
The Middleman2020 Ransomware will then drop its ransom note, which is named ‘!INSTRUCTI0NS!.txt’. Using all caps and exclamation marks when naming a ransom note is a very common practice among cyber crooks, as it reduces the chance that the user overlooks the note. In the note, the attackers warn the user against renaming any of the affected files. They also tell the victim that all their data will be permanently lost if they attempt to decrypt their files via a third-party application. They provide two email addresses where they demand to be contacted: ‘email@example.com’ and ‘firstname.lastname@example.org’.
It is never advisable to give in to the demands of cyber crooks. Instead, you should look into obtaining a legitimate anti-malware application and use it to wipe the Middleman2020 Ransomware off your computer.
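
The naming behaviour described above gives two simple indicators for scoping an incident. The following triage script is an added example, not part of the original article or any vendor tool: it walks a directory tree, lists files carrying the ‘.middleman2020’ extension together with their original names, and locates copies of the ransom note. The function names and the sample directory layout are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

# Indicators taken from the article text above.
ENCRYPTED_EXT = ".middleman2020"
RANSOM_NOTE = "!INSTRUCTI0NS!.txt"


def triage(root):
    """Walk `root` and sort files by the article's two indicators."""
    encrypted = defaultdict(list)   # directory -> original file names
    notes, untouched = [], 0
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()    # compare case-insensitively (Windows volumes)
            if lower == RANSOM_NOTE.lower():
                notes.append(os.path.join(dirpath, name))
            elif lower.endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT):
                # The extension is appended, so stripping it gives the old name.
                encrypted[dirpath].append(name[:-len(ENCRYPTED_EXT)])
            else:
                untouched += 1
    return {"encrypted": dict(encrypted), "notes": sorted(notes),
            "untouched": untouched}


def build_sample_tree(root):
    """Constructed sample data: empty files that only mimic the naming."""
    layout = {
        "Pictures": ["black-pigeon.png.middleman2020", RANSOM_NOTE],
        "Documents": ["report.docx.middleman2020", "notes.txt"],
        "Music": ["song.mp3"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for name in names:
            open(os.path.join(root, folder, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        for folder, names in sorted(result["encrypted"].items()):
            print(f"{folder}: {len(names)} encrypted -> {sorted(names)}")
        print("ransom notes:", result["notes"])
        print("files without the extension:", result["untouched"])
```

The recovered original names can be compared against backup listings to see which files need restoring.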