December 05, 2016

A ransomware virus dubbed Matrix has been found. The name comes from the email address that is used for contacting the cybercriminals who are spreading it. The malware uses the free command line tool GnuPG for encrypting your files. Malware researcher Rommel Joven discovered the most recent sample. The ransom message appears afterward and is written in both Russian and English. To see how to remove this ransomware and whether you can restore some of your data, read the whole article.

Matrix Ransomware – Infection Spread

Matrix ransomware can spread its infection in various ways. The most common of these is through a payload file. If you download the file and execute it, the malicious script will run and infect your computer. You can see the analysis of the executable file containing the payload on the VirusTotal website right here:

[Image: VirusTotal detections for the Matrix ransomware executable]

Matrix ransomware could be spreading its payload file around social media networks and file-sharing services. The malicious payload script might be spread inside different files. Lots of freeware and bundled programs could be presented as useful but hide the entry point for this ransomware. Refrain from opening files right after you download them, especially if they come from suspicious sources such as emails or links. Beforehand, you should scan them with a security tool and check their size and signatures for anything that seems suspicious. Read the tips for preventing ransomware from the corresponding forum topic.

Matrix Ransomware – Technical Information

The Matrix ransomware is also a cryptovirus. The malware researcher Rommel Joven has discovered the latest sample of it in the wild.

Matrix ransomware could create entries in the Windows Registry to achieve persistence. These registry entries are designed to make the virus start automatically with each boot of the Windows Operating System.

After your files are encrypted, a ransom note will appear inside of a file named matrix-readme.rtf. That note contains the demands of the cybercriminals for unlocking your files.

You can see the contents from that .rtf file down here:
[Image: Matrix ransom note, English version]
The ransom note in English reads the following:
[Image: text of the English ransom note]
The same note in the Russian language:
[Image: Matrix ransom note, Russian version]
It reads the following:
[Image: text of the Russian ransom note]

There are two emails that are given for contacting the crooks. You should NOT even think of paying or reaching the cybercriminals. This will only support them financially, and nobody can give you a guarantee that your files will get decrypted after paying.
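
The note filename given above is a usable indicator for scoping an infection. The following Python sketch is an added example, not part of the original article: it walks a drive or mounted image, finds every matrix-readme.rtf, and reports which top-level folders contain a note and the earliest note timestamp. It assumes the note may be dropped in more than one folder and that file modification times have not been altered.

```python
import os
import sys
from collections import Counter
from datetime import datetime, timezone

NOTE_NAME = "matrix-readme.rtf"  # ransom note filename named in the article


def find_ransom_notes(root):
    """Return [(path, mtime)] for every ransom note under root, oldest first."""
    hits = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if name.lower() != NOTE_NAME:  # NTFS names are case-insensitive
                continue
            path = os.path.join(dirpath, name)
            try:
                hits.append((path, os.stat(path).st_mtime))
            except OSError:
                continue  # file vanished or is unreadable; skip it
    return sorted(hits, key=lambda hit: hit[1])


def summarize(root, depth=1):
    """Group note locations by their first `depth` path components under root."""
    hits = find_ransom_notes(root)
    if not hits:
        return None
    areas = Counter()
    for path, _mtime in hits:
        rel = os.path.relpath(os.path.dirname(path), root)
        parts = [] if rel == os.curdir else rel.split(os.sep)
        areas[os.sep.join(parts[:depth]) or os.curdir] += 1
    first_path, first_mtime = hits[0]
    return {
        "notes": len(hits),
        "first_note": first_path,
        # Assumption: the note's mtime was not altered after it was dropped.
        "first_seen_utc": datetime.fromtimestamp(first_mtime, timezone.utc).isoformat(),
        "areas": dict(areas),
    }


if __name__ == "__main__":
    report = summarize(sys.argv[1] if len(sys.argv) > 1 else os.curdir)
    print(report or "no %s found" % NOTE_NAME)
```

Run it against a read-only mount of the affected disk where possible, so the scan itself does not change file timestamps.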

The Matrix ransomware encrypts files, but the encryption algorithm that is used is currently not known. A list with all file extensions that the virus searches to encrypt is not yet available. The free command line tool GnuPG is used for encrypting the files according to Rommel Joven.

The Matrix cryptovirus erases the Shadow Volume Copies from the Windows operating system by using the command given here:
[Image: command that deletes the Shadow Volume Copies]
The ransomware also uses the following command:
[Image: second command]
That command is for completely erasing all data about files that were already deleted. This means that if the command is executed properly, it will erase that data, and data recovery software might not be able to restore it. Read further to find out what restoration methods you can try to recover some of your files.

Remove Matrix Ransomware and Restore Your Files

If your computer got infected with the Matrix ransomware virus, you should have some experience in removing malware. You should get rid of this ransomware as fast as possible, before it has the chance to spread further and infect more computers. You should remove the ransomware by following the step-by-step instructions given below. To see ways that you can try to recover your data, see the step titled 2. Restore files encrypted by Matrix.

Manually delete Matrix Ransomware from your computer