Last week, it was reported that two new variants of Matrix Ransomware had been discovered by cyber experts. These variants are being installed through Remote Desktop services that have already been hacked. Both are data-locking ransomware that encrypt your data with the common goal of earning a profit, but they differ from each other in how they function. One of the variants has more advanced functionality: it contains a larger number of debugging messages than the other variant and also makes use of cipher to clean up the free space available on the computer.
Like earlier versions of Matrix Ransomware, these two recent versions spread primarily by taking advantage of poorly protected Remote Desktop Protocol (RDP) connections. Cyber criminals take advantage of weaknesses such as poor password protection or weak security measures. The ransomware reaches its victims by means of brute-force attacks. The installer is uploaded and executed on a computer just after the attackers gain access to it. Both variants of Matrix Ransomware are currently being distributed, and both are installed over hacked Remote Desktop Protocol connections. Both perform numerous functions: they encrypt unmapped network shares, clear shadow volume copies, encrypt file names, and display a status window during encryption. The first variant of Matrix Ransomware can be easily identified by the [email protected] extension and the second by the [email protected] extension.
When the first version of Matrix Ransomware runs on your PC, it opens two windows simultaneously: one shows status messages about the encryption process and the other displays information related to network share scanning. After the encryption completes successfully, this variant appends the extension [email protected] to the encrypted files. For example, if an image file named ABC.jpg is encrypted by this variant, it may look like [email protected] after the encryption is complete.
The second variant of Matrix Ransomware uses the same method to encrypt. It appends the extension [email protected] as a suffix to a file once its encryption is done. It also displays two windows simultaneously, one showing the ongoing encryption process and the other showing network scanning, but you will notice that this variant logs more than the previous one.
The email addresses provided for contact in the ransom note of the second variant are different from the addresses used in the first variant, and the name of the ransom note is also different. This variant is said to be a bit more advanced because it contains debugging messages that are better than those used in the first variant. It also makes use of the cipher command to overwrite all the available free space on the computer after encryption completes, which prevents the victim from recovering files using data recovery software.
The ransom notes dropped in each scanned folder by the first and the second variant are named !ReadMe_To_Decrypt_Files!.rtf and #Decrypt_Files_ReadMe#.rtf respectively. The email addresses displayed in the ransom note generated by the first variant of Matrix Ransomware are [email protected], [email protected], and [email protected], and the email addresses displayed in the ransom note of the second variant are [email protected], [email protected], and [email protected]. These email addresses are provided so that victims can contact the attacker and pay the ransom. After successful encryption, both variants also change your desktop background image.
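As an added example (not from the original article or from any vendor tooling), the following triage sketch looks for the two ransom note file names given above and flags process command lines that run cipher with its free-space overwrite switch. The `/w` switch is not named in the article, and the function names and sample command lines are constructed for illustration.

```python
import os
import re

# Ransom note file names as given in the article, lower-cased for matching.
RANSOM_NOTES = {
    "!readme_to_decrypt_files!.rtf": "variant 1",
    "#decrypt_files_readme#.rtf": "variant 2",
}

# cipher.exe invoked with /w, the switch that overwrites free disk space.
# The leading character class stops names such as "decipher" from matching.
CIPHER_WIPE = re.compile(
    r'(?:^|[\\/"\s])cipher(?:\.exe)?"?\s+.*?/w(?::|\s|$)', re.IGNORECASE
)


def find_ransom_notes(root):
    """Return a sorted list of (path, variant) for ransom notes under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            variant = RANSOM_NOTES.get(name.lower())
            if variant:
                hits.append((os.path.join(dirpath, name), variant))
    return sorted(hits)


def find_cipher_wipes(command_lines):
    """Return the command lines that run cipher with the /w switch."""
    return [c for c in command_lines if CIPHER_WIPE.search(c)]


if __name__ == "__main__":
    # Constructed command lines, as a process-creation log might record them.
    sample = [
        r"C:\Windows\System32\cipher.exe /W:D",
        r"cipher /e /s:C:\Docs",
        "cmd.exe /c cipher /w:E",
    ]
    for cmd in find_cipher_wipes(sample):
        print("free-space wipe:", cmd)
    for path, variant in find_ransom_notes("."):
        print(f"ransom note ({variant}): {path}")
```

A ransom note hit means encryption has already happened on that folder, so treat it as an incident-scoping aid rather than an early warning.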
So, now that you know about the perilous effects of these variants of Matrix Ransomware, if you are really concerned about the privacy of your data, you should check that Remote Desktop Services are properly locked down on your computer.