Since Matrix is a multi-version ransomware, just like STOP/DJVU, it uses a different file marker extension and ransom note depending on the variant. The matrix-readme.rtf file is a message from the criminals written in English and Russian. The note informs the victim that all files have been encrypted and that, in order to decrypt them, the victim must write to the virus developers at one of the provided email addresses and include the personal ID inserted in the ransom note.

Matrix ransomware is also known to change the desktop wallpaper to a fake FBI message claiming that the system and files were locked due to a violation of US federal law. According to the message, the victim’s IP address was used to visit forbidden pornographic websites, and the amount demanded to unlock the computer is a “penalty” the victim has to pay rather than a ransom. The criminals claim that they are the only ones who have the decryption keys needed to restore the data, and they offer to sell a decryption tool along with the key for a specific price; in other words, a ransom. Although the exact amount is unknown, victims report being asked for around $500-$3500 in Bitcoin. In the screenshot below, the criminals offer a “lower” price of $2500 if the victim refrains from asking “any stupid questions.”

Some of the known email addresses leading to the Matrix virus developers are: BatHelp@protonmail.com, askhelp@protonmail.com, oken@tutanota.com, Files4463@tuta.io, RestorFile@tutanota.com, pyongyan001@yahoo.com, bluetablet9643@yandex.ru, matrix9643@yahoo.com, redtablet9643@yahoo.com, jamesbaker78@criptext.com, decodedecode@yandex.ru, PabFox@protonmail.ru, GetMyPass@qq.com, itdecconsult@yahoo.com, FASTBK@QQ.COM and others.

NOTE. Newer variants of this ransomware rename files in the following pattern: [PabFox@protonmail.com].[random characters].FOX, for example [PabFox@protonmail.com].[x6YRfbsd-KJlEpiv1].FOX.
If you have been infected with a variant of this virus, we strongly recommend removing Matrix ransomware as soon as possible. To repair the virus damage on the system, we recommend using RESTORO software.
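As an added example (not code from the original article), the following Python triages a directory listing for the indicators described above: the [email].[random characters].FOX file-name pattern, the matrix-readme.rtf ransom note, and whether the contact address embedded in renamed files is one of the addresses the article lists. The listing is constructed for the example; the function names are my own.

```python
import re

# Contact addresses listed in the article, lower-cased for comparison.
KNOWN_MATRIX_EMAILS = {e.lower() for e in [
    "BatHelp@protonmail.com", "askhelp@protonmail.com", "oken@tutanota.com",
    "Files4463@tuta.io", "RestorFile@tutanota.com", "pyongyan001@yahoo.com",
    "bluetablet9643@yandex.ru", "matrix9643@yahoo.com", "redtablet9643@yahoo.com",
    "jamesbaker78@criptext.com", "decodedecode@yandex.ru", "PabFox@protonmail.ru",
    "GetMyPass@qq.com", "itdecconsult@yahoo.com", "FASTBK@QQ.COM",
]}
RANSOM_NOTE_NAME = "matrix-readme.rtf"

# Newer-variant naming pattern from the article: [email].[random characters].FOX
FOX_PATTERN = re.compile(
    r"^\[(?P<email>[^\[\]\s]+@[^\[\]\s]+)\]\.\[(?P<rid>[A-Za-z0-9-]+)\]\.FOX$")

def triage_filenames(names):
    """Classify file names; returns renamed (encrypted) files, ransom notes,
    the contact addresses extracted from renamed files and whether each
    address is in the article's list (an unknown address is still an indicator)."""
    encrypted, notes, contacts = [], [], {}
    for name in names:
        base = name.replace("\\", "/").rsplit("/", 1)[-1]   # strip directory part
        if base.lower() == RANSOM_NOTE_NAME:
            notes.append(name)
            continue
        m = FOX_PATTERN.match(base)
        if m:
            encrypted.append(name)
            email = m.group("email").lower()
            contacts[email] = email in KNOWN_MATRIX_EMAILS
    return {"encrypted": encrypted, "notes": notes, "contacts": contacts,
            "matrix_indicators": bool(encrypted) or bool(notes)}

# Constructed sample listing (not from a real incident).
SAMPLE_LISTING = [
    r"C:\Users\alice\Documents\[PabFox@protonmail.com].[x6YRfbsd-KJlEpiv1].FOX",
    r"C:\Users\alice\Documents\[RestorFile@tutanota.com].[q2Wpl9ac-NvB7kz03].FOX",
    r"C:\Users\alice\Documents\matrix-readme.rtf",
    r"C:\Users\alice\Documents\budget.xlsx",
    r"C:\Users\alice\Documents\archive.fox",
]

if __name__ == "__main__":
    print(triage_filenames(SAMPLE_LISTING))
```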
Ransomware – a virtual extortion tool
Matrix is one of hundreds of ransomware-type cyber threats in distribution nowadays, and is very similar to threats such as STOP/DJVU, OONN, VARI, BOOP, XATI, MAZE and other viruses. Programs that fall into this category function almost identically: they all encrypt the victim’s files and demand a ransom in exchange for file decryption tools. However, there are some crypto-malware variants that only lock the computer’s screen. Ransom-demanding viruses are dangerous not only because they corrupt personal files, but also because they can install additional malware on the system, such as backdoors, rootkits, or password-stealing Trojans like AZORULT. Paying the ransom to such virus developers is never recommended. Not only is there a chance that you will never receive the decryption tools, but there is also a chance of being infected again if you pay, since the attackers will see you as a victim who is willing to pay for data recovery.
Ransomware overview
Ransomware Indicators of Compromise (IOC)
Screenshot of a file folder affected by Matrix ransomware:
Matrix ransomware changes the desktop wallpaper during the attack. A screenshot of it is provided below:
Another variant of the wallpaper used by some Matrix variants:
Contents of the ransom note matrix-readme.rtf file:

Аttеntiоn! Аll yоur filеs wаs еnсryрtеd.
Tо dесryрt thе filеs, Yоu hаvе to shоuld sеnd thе fоllоwing cоdе:
ID-[string]
tо е-mаil аddrеss: matrix9643@yahoo.com
Thеn Yоu will rеciеvе аll nеcеssаry instruсtiоns.
Аll thе аttеmpts оf dесryptiоn by yоursеlf will rеsult оnly in irrеvосаble lоss оf yоur dаtа.
If yоu still wаnt tо try tо dеcrypt thеm by yоursеlf plеаsе mаkе а bаckup аt first bеcаusе thе dесryptiоn will bеcоmе impоssiblе in cаsе оf аny chаngеs insidе thе filеs.
If yоu did nоt rеcеivе thе аnswеr frоm thе аfоrеcitеd еmаil fоr mоrе thоn 24 hours (аnd оnly in this cаsе!), usе thе rеsеrvе е-mаil аddrеss:
redtablet9643@yahoo.com
********************************************************

Note that the note is written with Cyrillic look-alike letters substituted for many of the Latin ones (the “а”, “е” and “о” in “Аttеntiоn”, for example), so a detection rule that matches the plain ASCII wording will not fire on it; match on the email addresses, or normalise the text before matching.

Distribution of money-extortion viruses
The primary infection vector for Matrix ransomware is attacks against exposed RDP. The attackers look for Windows machines whose RDP service is reachable through the firewall and then brute-force the credentials to gain a foothold in the network. RDP stands for Remote Desktop Protocol and is a legitimate remote administration tool used to control servers and devices. However, when protected only by weak passwords, these connections can be easily cracked with password-guessing tools. To protect systems against such attacks, strong passwords are required, as well as two-factor authentication. The ransomware was previously distributed via the infamous RIG exploit kit, although this technique isn’t used today. Other known techniques for spreading similar ransom-demanding threats are malicious email spam and illegal downloads. In malicious spam, criminals craft convincing messages telling the victim to open an attached “invoice,” “tax return info” or similar file that carries the ransomware payload. Illegal downloads, such as software cracks, are also a very popular malware distribution vector: the ransomware is hidden inside a file presented as a tool that activates premium software licenses for free. This distribution technique is widely used in STOP/DJVU ransomware attacks.
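As an added example (not from the original article), this Python flags the RDP brute-force pattern described above in constructed Windows Security log records: repeated failed logons (Event ID 4625) of logon type 10 (RemoteInteractive, i.e. RDP) from one source address inside a short window, escalated when a successful logon (Event ID 4624) from the same address follows. The records, thresholds and function name are assumptions of the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records with the Security-log fields the logic needs.
# 4625 = failed logon, 4624 = successful logon, logon type 10 = RemoteInteractive (RDP).
SAMPLE_EVENTS = [
    {"time": "2019-03-01T02:00:01", "id": 4625, "logon_type": 10, "ip": "203.0.113.7", "user": "administrator"},
    {"time": "2019-03-01T02:00:03", "id": 4625, "logon_type": 10, "ip": "203.0.113.7", "user": "admin"},
    {"time": "2019-03-01T02:00:05", "id": 4625, "logon_type": 10, "ip": "203.0.113.7", "user": "backup"},
    {"time": "2019-03-01T02:00:08", "id": 4625, "logon_type": 10, "ip": "203.0.113.7", "user": "administrator"},
    {"time": "2019-03-01T02:00:12", "id": 4625, "logon_type": 10, "ip": "203.0.113.7", "user": "administrator"},
    {"time": "2019-03-01T02:00:20", "id": 4624, "logon_type": 10, "ip": "203.0.113.7", "user": "administrator"},
    {"time": "2019-03-01T09:15:00", "id": 4625, "logon_type": 10, "ip": "192.0.2.10", "user": "alice"},
    {"time": "2019-03-01T09:15:30", "id": 4624, "logon_type": 10, "ip": "192.0.2.10", "user": "alice"},
    {"time": "2019-03-01T09:16:00", "id": 4625, "logon_type": 2, "ip": "127.0.0.1", "user": "bob"},
]

def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Return {ip: verdict} for RDP sources whose failed logons within `window`
    reach `threshold`. Verdict is 'brute-force', or 'brute-force-then-success'
    when a successful RDP logon from the same address follows the failures."""
    failures = defaultdict(list)   # ip -> timestamps of recent RDP 4625 events
    flagged = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["logon_type"] != 10:
            continue               # only RemoteInteractive (RDP) logons matter here
        ts = datetime.fromisoformat(ev["time"])
        ip = ev["ip"]
        if ev["id"] == 4625:
            recent = [t for t in failures[ip] if ts - t <= window]   # drop stale failures
            recent.append(ts)
            failures[ip] = recent
            if len(recent) >= threshold:
                flagged.setdefault(ip, "brute-force")
        elif ev["id"] == 4624 and ip in flagged:
            flagged[ip] = "brute-force-then-success"   # likely credential compromise
    return flagged

if __name__ == "__main__":
    for ip, verdict in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(f"{ip}: {verdict}")
```

A single failed attempt followed by success (the alice records) is not flagged, and the console logon (type 2) is ignored, which keeps ordinary mistyped passwords out of the alert.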
Remove MATRIX ransomware virus safely
If you have fallen victim to this ransomware, we strongly recommend removing MATRIX ransomware as soon as possible. To repair virus damage to system components, consider using RESTORO; it can also identify malicious remnants left in the Windows Registry. After a professional Matrix virus removal, start recovering your files from backups. Make sure the computer is thoroughly cleaned of malware first, because if you plug an external backup drive into the system too early, it might get encrypted as well. Please find a free ransomware removal guide below.

OUR GEEKS RECOMMEND
Our team recommends a two-step rescue plan to remove ransomware and other remaining malware from your computer, and then repair the virus damage caused to the system:

Get INTEGO ANTIVIRUS for Windows to remove ransomware, Trojans, adware and other spyware and malware variants and protect your PC and network drives 24/7. This VB100-certified security software uses state-of-the-art technology to provide protection against ransomware, zero-day attacks and advanced threats; Intego Web Shield blocks dangerous websites, phishing attacks, malicious downloads and installation of potentially unwanted programs. Use INTEGO Antivirus to remove detected threats from your computer.

RESTORO provides a free scan that helps to identify hardware, security and stability issues and presents a comprehensive report which can help you locate and fix detected issues manually. It is a great PC repair tool to use after you remove malware with a professional antivirus. The full version of the software fixes detected issues and repairs virus damage to Windows OS files automatically. RESTORO uses the AVIRA scanning engine to detect existing spyware and malware; if any are found, the software will eliminate them.
Alternative software recommendations
Malwarebytes Anti-Malware
Method 1. Enter Safe Mode with Networking
Before you try to remove the virus, you must start your computer in Safe Mode with Networking. Step-by-step instructions for Windows XP/Vista/7 and Windows 8/8.1/10 users, along with a video tutorial, are in the in-depth guide on our website, How to Start Windows in Safe Mode. Once in Safe Mode, you can search for and remove MATRIX ransomware files. It is very hard to identify the files and registry keys that belong to the ransomware, and malware creators tend to rename and change them repeatedly. Therefore, the easiest way to uninstall this type of computer virus is to use a reliable malware removal program. We suggest a combination of INTEGO Antivirus (removes malware and protects your PC in real time) and RESTORO (repairs virus damage to Windows OS files).
Method 2. Use System Restore
In order to use System Restore, you must have a system restore point, created either manually or automatically; the steps differ between Windows XP/Vista/7 and Windows 8/8.1/10. After restoring the system, we recommend scanning it with antivirus or anti-malware software. In most cases there won’t be any malware remnants, but it never hurts to double-check. In addition, we highly recommend reviewing the ransomware prevention guidelines provided by our experts in order to protect your PC against similar viruses in the future. Removing spyware and malware is one step towards cybersecurity. To protect yourself against ever-evolving threats, we strongly recommend purchasing the Premium version of Malwarebytes Anti-Malware, which provides security based on artificial intelligence and machine learning and includes ransomware protection.
System Mechanic Ultimate Defense
If you’re looking for an all-in-one system maintenance suite, System Mechanic Ultimate Defense has 7 core components providing powerful real-time protection, on-demand malware removal, system optimization, data recovery, a password manager, online privacy protection and secure drive wiping technology. Due to this wide range of capabilities, System Mechanic Ultimate Defense earns Geek’s Advice approval.