Matrix Ransomware is back under the distribution of RIG Exploit Kit
Security researcher Jérôme Segura of Malwarebytes has discovered Matrix Ransomware being distributed through RIG exploit kit on malicious display sites.
Matrix Ransomware was first distributed at the end of 2016 and it was destroyed in April 2017. Since then, this ransomware has disappeared until it was discovered yesterday.
According to Segura, Matrix ransomware is installed via exploitation packages on the website displaying malicious ads, aimed at vulnerabilities in Internet Explorer (CVE-2016-0189) and Flash (CVE-2015-8651). Both of these vulnerabilities are based on users using the updated versions of Internet Explorer and Flash Player.
The infection method is quite simple, only if the user has access to one of the websites containing malicious ads using a poor security computer, he will be infected with ransomware. This is also the reason users should regularly install security updates available in the installation program and operating system.
After infecting the computer, the current Matrix Ransomware version will encrypt the files on the device, get the file name and add the .pyongyan001 @ yahoo.com utility to the file name stolen. Below is an example of an encrypted folder.
During infection, this ransomware will also send a note to the user about the ransom named # _ # WhatsWrongWithMyFiles # _ #. Rtf in the folder containing the encrypted file. Finally, it will display the notification screen, providing information about what happened to the file and instructing the user how to resolve it.
How to protect your computer from Matrix Ransomware
To protect your computer against Matrix Ransomware threat, first, you need to make sure that you have updated all Windows security updates and other programs.
You should also create a reliable data backup that can be restored in an emergency.
Install security software containing malicious behavior detector like Malwarebytes or Emsisoft Anti-Malware. If you are using Windows 10 Fall Creators Update, you can also use the Controlled Folder Access feature to protect important documents from the risk of encryption.
Last but not least, you should create your own online security habits when using email, be cautious of unknown attachments, .
You should read it
- 7 kinds of ransomware you didn't expect
- Answer common questions about dot matrix printers
- Why is Ransomware the perfect hack?
- Matrix functions in Excel
- MINVERSE function - The function returns the inverse matrix of a given matrix in Excel
- Learn about Ransomware: 6 ransomware on computers
- List of the 3 most dangerous and scary Ransomware viruses
- Protect your computer right before the return of two extremely dangerous ransomware
- Can a VPN Protect You From Ransomware?
- General guidelines for decoding ransomware
- How to Use MatLab to Solve Matrix Equations and Perform Statistical Analysis
- A ransomware declared decommissioned and refunded the ransom to the victim
Maybe you are interested
Dangerous 'Helldown' Ransomware Warning Expands to Linux and VMware
Detecting a new ransomware strain that specializes in stealing login information from the Chrome browser
What is extortionware? How is it different from Ransomware?
New ransomware appears attacking Windows operating system
Difference between Cyber Extortion and Ransomware
How to enable ransomware restrictions on Windows