December 05, 2016
Matrix Ransomware – Infection Spread
Matrix ransomware can spread its infection in various ways. The most common of these is through a payload file. If you download the file and execute it, the malicious script runs and infects your computer. You can see the analysis of the executable file containing the payload on the VirusTotal website right here:
Matrix ransomware could be spreading its payload file around social media networks and file-sharing services. The malicious payload script inside might be distributed in different files. Lots of freeware and bundled programs could be presented as useful but hide the entry point for this ransomware. Refrain from opening files from suspicious sources, such as email attachments or links, and especially refrain from executing them after you download them. Beforehand, you should scan them with a security tool and check their size and signatures for anything that seems suspicious. Read the tips for preventing ransomware in the corresponding forum topic.
Matrix Ransomware – Technical Information
The Matrix ransomware is also a cryptovirus. The malware researcher Rommel Joven has discovered the latest sample of it in the wild.
Matrix ransomware could create entries in the Windows Registry to achieve persistence. These registry entries are designed to make the virus start automatically with each boot of the Windows Operating System.
After your files are encrypted, a ransom note will appear inside of a file named matrix-readme.rtf. That note contains the demands of the cybercriminals for unlocking your files.
You can see the contents from that .rtf file down here:
The ransom note in English reads the following:
The same note in the Russian language:
It reads the following:
There are two emails that are given for contacting the crooks. You should NOT even think of paying or reaching the cybercriminals. This will only support them financially, and nobody can give you a guarantee that your files will get decrypted after paying.
The Matrix ransomware encrypts files, but the encryption algorithm that is used is currently not known. A list of all file extensions that the virus searches for in order to encrypt them is not yet available. According to Rommel Joven, the free command-line tool GnuPG is used to encrypt the files.
The Matrix cryptovirus erases the Shadow Volume Copies from the Windows operating system by using the command given here:
The ransomware also uses the following command:
That command is for completely erasing all data about files that were already deleted. This means that if the command executes properly, that data is wiped and data recovery software might not be able to restore it. Read further to find out which restoration methods you can try to recover some of your files.
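The behaviours described above (shadow copy deletion, wiping of already-deleted data, GnuPG-based encryption, and the matrix-readme.rtf ransom note) can be turned into a simple host triage check. The script below is an added example written for this page, not code from the original post or from the malware researcher it cites. It assumes a simplified process-creation log format ("timestamp | image path | command line") and, because the post does not reproduce the two commands it refers to, it assumes the common Windows forms for deleting shadow copies (vssadmin) and wiping free space (cipher /w:); the log lines and file paths are constructed sample data.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# The ransom note file name is taken from the post. The command patterns for
# shadow copy deletion and free-space wiping are assumptions: the post does not
# show the commands, so the usual vssadmin and cipher forms are used here.
RANSOM_NOTE_NAME = "matrix-readme.rtf"

PROCESS_RULES = {
    # rule name: (set of image basenames, regex applied to the command line)
    "shadow_copy_deletion": ({"vssadmin.exe"}, re.compile(r"delete\s+shadows", re.I)),
    "deleted_data_wipe": ({"cipher.exe"}, re.compile(r"(^|\s)/w:", re.I)),
    "gnupg_encryption": ({"gpg.exe", "gpg2.exe"}, re.compile(r"(^|\s)(-e|--encrypt)(\s|$)", re.I)),
}

# Constructed sample process-creation log lines (hypothetical format).
SAMPLE_PROCESS_LOG = [
    r"2016-12-05T10:01:02 | C:\Windows\System32\vssadmin.exe | vssadmin delete shadows /all /quiet",
    r"2016-12-05T10:01:05 | C:\Users\user\AppData\Local\Temp\gpg.exe | gpg.exe --batch --yes -e -r RECIPIENT_PLACEHOLDER C:\Users\user\Documents\report.docx",
    r"2016-12-05T10:01:09 | C:\Windows\System32\cipher.exe | cipher /w:C:",
    r"2016-12-05T10:02:00 | C:\Windows\System32\notepad.exe | notepad.exe C:\Users\user\notes.txt",
]

# Constructed sample file listing of a user profile after infection.
SAMPLE_FILE_LISTING = [
    r"C:\Users\user\Documents\report.docx",
    r"C:\Users\user\Documents\matrix-readme.rtf",
    r"C:\Users\user\Pictures\holiday.jpg",
]


def parse_process_line(line):
    """Split 'timestamp | image path | command line' into its three fields."""
    parts = [p.strip() for p in line.split("|", 2)]
    if len(parts) != 3:
        raise ValueError(f"unparseable process line: {line!r}")
    return parts


def classify_process(line):
    """Return the names of the rules that a single process-creation line matches."""
    _, image, cmdline = parse_process_line(line)
    base = PureWindowsPath(image).name.lower()
    return [name for name, (images, pattern) in PROCESS_RULES.items()
            if base in images and pattern.search(cmdline)]


def find_ransom_notes(paths):
    """Return the directories (sorted) that contain the Matrix ransom note."""
    return sorted({str(PureWindowsPath(p).parent) for p in paths
                   if PureWindowsPath(p).name.lower() == RANSOM_NOTE_NAME})


def triage(process_lines, file_paths):
    """Combine process and file indicators into one triage verdict."""
    hits = Counter()
    for line in process_lines:
        hits.update(classify_process(line))
    note_dirs = find_ransom_notes(file_paths)
    return {
        "process_hits": dict(hits),
        "ransom_note_dirs": note_dirs,
        # A ransom note or shadow copy deletion alone is enough to escalate.
        "suspected_infection": bool(note_dirs) or hits["shadow_copy_deletion"] > 0,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_PROCESS_LOG, SAMPLE_FILE_LISTING).items():
        print(f"{key}: {value}")
```

In practice the process lines would come from a process-auditing source such as Sysmon or EDR telemetry and the file listing from a directory walk; the shadow copy deletion rule is the most useful one to alert on, because it fires before most of the damage is done.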
Remove Matrix Ransomware and Restore Your Files
If your computer got infected with the Matrix ransomware virus, you should have some experience in removing malware. Get rid of this ransomware as fast as possible, before it has the chance to spread further and infect more computers. Remove the ransomware by following the step-by-step instruction guide given below. To see the ways in which you can try to recover your data, see the step titled "2. Restore files encrypted by Matrix".
Manually delete Matrix Ransomware from your computer
News Courtesy : http://sensorstechforum.com/remove-matrix-ransomware-restore-files/