Matrix Ransomware - CryptoStopper Can Help!

Jordan Kadlec

We recently had an individual inquire about a form of ransomware named Matrix. Unfortunately, there is currently no way to decrypt files that are encrypted by the Matrix ransomware without paying the ransom. We have included the transcript of the conversation between our Security Analyst and the tech whose client was infected by Matrix. Too many of our conversations go this way. Having CryptoStopper would have prevented this, and having CryptoStopper in your cyber security arsenal will prevent this from happening to you.

What is Matrix Ransomware?

Matrix ransomware is much like all other forms of ransomware. The developers distribute the malware via spam emails with malicious attachments, most commonly in the form of Word (DOC) or Excel (XLS) files. These documents contain built-in macros that, when enabled, download and run the ransomware. Once Matrix has been installed, and the encryption process has finished, .matrix will be appended to the end of files that have been encrypted.

Following a successful encryption process, Matrix ransomware will place a text file named matrix-readme.rtf or Readme-Matrix.rtf in every folder that contains an encrypted file. 


This file includes instructions on how to decrypt your files by paying a ransom. Currently, the ransom is demanded in Bitcoin and ranges from $500 to $1,500. Upon opening the file, we can see that the message appears in both Russian and English, indicating that Russian and English speakers are the targets of Matrix.
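To scope an infection using the indicators described above (the .matrix suffix and the two ransom note file names), the following added example walks a directory tree and reports which folders were hit. It is not code from WatchPoint or CryptoStopper; the function names and the sample tree are constructed for illustration, and treating "encrypted files but no note" as a sign of an unfinished run is an inference from the article's description, not a stated fact.

```python
import os
import tempfile
from collections import defaultdict

# Indicators stated in the article; compared case-insensitively because
# Windows file systems do not distinguish case.
NOTE_NAMES = {"matrix-readme.rtf", "readme-matrix.rtf"}
ENCRYPTED_SUFFIX = ".matrix"


def scan_for_matrix(root):
    """Return {folder: {"notes": [...], "encrypted": [...]}} for every
    folder under root that holds a ransom note or a .matrix file."""
    hits = defaultdict(lambda: {"notes": [], "encrypted": []})
    for folder, _dirs, files in os.walk(root):  # unreadable folders are skipped
        for name in files:
            lower = name.lower()
            if lower in NOTE_NAMES:
                hits[folder]["notes"].append(name)
            elif lower.endswith(ENCRYPTED_SUFFIX):
                hits[folder]["encrypted"].append(name)
    return dict(hits)


def summarize(hits):
    """Return (folders_with_notes, total_encrypted, folders_without_note)."""
    with_notes = sorted(f for f, h in hits.items() if h["notes"])
    total = sum(len(h["encrypted"]) for h in hits.values())
    # Inference (assumption): encrypted files with no note in the same
    # folder may mean the run did not finish there.
    no_note = sorted(f for f, h in hits.items()
                     if h["encrypted"] and not h["notes"])
    return with_notes, total, no_note


def build_sample_tree(base):
    """Constructed sample data: empty files that only mimic the names."""
    layout = {
        "finance": ["q1.xls.matrix", "q2.xls.matrix", "matrix-readme.rtf"],
        "hr": ["staff.doc.matrix", "Readme-Matrix.rtf"],
        "partial": ["notes.txt.matrix"],
        "clean": ["report.doc", "matrix.txt"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(base, folder))
        for name in names:
            open(os.path.join(base, folder, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        notes, total, no_note = summarize(scan_for_matrix(tmp))
        print(f"{total} encrypted files, notes in {len(notes)} folders, "
              f"{len(no_note)} folder(s) encrypted without a note")
```

Run against a file share or a mounted backup, the per-folder result shows how far the encryption reached and which folders need restoring.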

Life Without CryptoStopper

[Image: Matrix ransomware chat exchange]

As illustrated in the conversation between our Security Analyst and a technician whose client has been infected with Matrix, ransomware can be a nightmare. There is currently no decryptor available for Matrix, and to make matters worse, this company didn’t have their files backed up. This means that, in order to recover their files, they are going to have to pay the ransom. We also must pay close attention to the closing sentence. We have found that once you have been attacked by one form of ransomware, you are more prone to becoming a victim of future attacks.

How can you prevent this from happening? CryptoStopper, developed by WatchPoint, stops ransomware attacks in their tracks. CryptoStopper uses deception technology in the form of Watcher Files placed on your network. The program continuously monitors the Watcher Files for the start of the encryption process and identifies the ransomware attack within seconds. CryptoStopper instantly isolates the infected workstation from the network, then shuts down the workstation. Upon isolating the attack, the program sends you an email notification informing you that a ransomware attack has been discovered and contained. On average, CryptoStopper stops a ransomware attack in 17 seconds, preventing all your targeted files from being encrypted and minimizing the damage done.

WatchPoint has the largest list of decryptors on the internet. A decryptor allows you to recover your files for free, without paying the ransom. If you have been infected with ransomware, the first thing you should do is check to see whether a decryptor is available. The next thing you should do is call WatchPoint.
