Matrix Ransomware is back under the distribution of RIG Exploit Kit

Security researcher Jérôme Segura of Malwarebytes has discovered Matrix Ransomware being distributed through RIG exploit kit on malicious display sites.

Matrix Ransomware was first distributed at the end of 2016 and it was destroyed in April 2017. Since then, this ransomware has disappeared until it was discovered yesterday.

According to Segura, Matrix ransomware is installed via exploitation packages on the website displaying malicious ads, aimed at vulnerabilities in Internet Explorer (CVE-2016-0189) and Flash (CVE-2015-8651). Both of these vulnerabilities are based on users using the updated versions of Internet Explorer and Flash Player.

The infection method is quite simple, only if the user has access to one of the websites containing malicious ads using a poor security computer, he will be infected with ransomware. This is also the reason users should regularly install security updates available in the installation program and operating system.

After infecting the computer, the current Matrix Ransomware version will encrypt the files on the device, get the file name and add the .pyongyan001 @ yahoo.com utility to the file name stolen. Below is an example of an encrypted folder.

Matrix Ransomware is back under the distribution of RIG Exploit Kit Picture 1

During infection, this ransomware will also send a note to the user about the ransom named # _ # WhatsWrongWithMyFiles # _ #. Rtf in the folder containing the encrypted file. Finally, it will display the notification screen, providing information about what happened to the file and instructing the user how to resolve it.

Matrix Ransomware is back under the distribution of RIG Exploit Kit Picture 2

How to protect your computer from Matrix Ransomware

To protect your computer against Matrix Ransomware threat, first, you need to make sure that you have updated all Windows security updates and other programs.

You should also create a reliable data backup that can be restored in an emergency.

Install security software containing malicious behavior detector like Malwarebytes or Emsisoft Anti-Malware. If you are using Windows 10 Fall Creators Update, you can also use the Controlled Folder Access feature to protect important documents from the risk of encryption.

Last but not least, you should create your own online security habits when using email, be cautious of unknown attachments, .