Malware researcher Jérôme Segura from Malwarebytes has discovered that Matrix Ransomware is now being distributed through malvertising campaign.
— EKFiddle (@EKFiddle) October 26, 2017
Since then the Matrix ransomware slightly disappeared from the threat landscape, but now it seems to be back and it is being delivered through malvertising campaign that triggers an Internet Explorer flaw (CVE-2016-0189) and Flash one(CVE-2015-8651).
When a computer is infected with the latest variant of the Matrix Ransomware, the malicious code will encrypt the files on the victim’s machine, scramble their file names, and append the .email@example.com extension to the file scrambled name.
The ransomware also drops a ransom note (#_#WhatWrongWithMyFiles#_#.rtf) in every folder that contains files it encrypted, then it will display a ransom screen.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.