The Matrix ransomware family first surfaced on the web in 2016. Since then, its developers have released many variants. Recently, security experts detected a new strain belonging to the same cryptovirological family, called GMPF.
Researchers are still trying to find more details about the activity of the strain. So far, it is known that GMPF encrypts files on the targeted device and appends a long extension to them containing the email ID of the attackers, some random letters and the string ‘GMPF’.
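A defender can turn that naming pattern into a quick triage check over a file listing. The following is an added example, not code from the original article or from any vendor tool; the bracketed layout of the sample names, the example.com address and the per-directory threshold are assumptions, since the article gives only the three components of the extension.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Indicators named in the article: an e-mail address and the string "GMPF".
# Order and separators inside the extension are not stated, so each
# indicator is searched for independently anywhere in the file name.
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
MARKER = re.compile(r"(?<![A-Za-z0-9])GMPF(?![A-Za-z0-9])")

# Constructed sample listing (not real indicators); layout is assumed.
SAMPLE = [
    r"C:\Users\ana\Documents\budget.xlsx.[helper@example.com].QwErTyUi.GMPF",
    r"C:\Users\ana\Documents\notes.txt.[helper@example.com].ZxCvBnMa.GMPF",
    r"C:\Users\ana\Documents\plan.docx.[helper@example.com].LkJhGfDs.GMPF",
    r"C:\Users\ana\Pictures\cat.jpg",
    r"C:\Users\ana\Downloads\GMPF.pdf",
    r"C:\Users\ana\Downloads\contact@example.com.vcf",
]


def classify(path):
    """Return 'high' (e-mail + marker), 'low' (marker only) or None."""
    name = PureWindowsPath(path).name
    has_email = bool(EMAIL.search(name))
    has_marker = bool(MARKER.search(name))
    if has_email and has_marker:
        return "high"
    if has_marker:
        return "low"  # e.g. a legitimate file that happens to be named GMPF
    return None


def triage(paths, threshold=3):
    """Count high-confidence hits per directory; keep those >= threshold."""
    per_dir = Counter()
    for p in paths:
        if classify(p) == "high":
            per_dir[str(PureWindowsPath(p).parent)] += 1
    return {d: n for d, n in per_dir.items() if n >= threshold}


if __name__ == "__main__":
    for directory, count in triage(SAMPLE).items():
        print(f"{count} suspected GMPF-renamed files in {directory}")
```

Requiring both indicators keeps an address-only name such as a saved contact card from raising an alert, and the per-directory count separates a stray match from bulk renaming.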
Security experts who have extensively studied the Matrix cryptovirological family to develop ransomware removal solutions have suggested that the activity of the GMPF strain might entail these characteristics:
Use of scare tactics: The operators might pose as law enforcement officials in the ransom note and accuse the targeted users of visiting banned websites (child pornography, zoophilia, etc.). Such scare tactics are often used by cryptovirological operators to ensure that the targeted users contact them for ransomware removal.
Use of combined encryption: There is a strong chance that the operators of GMPF have also used a combination of the AES and RSA encryption algorithms. The use of both of these encryption methods makes professional ransomware removal an increasingly uphill task.
Rising ransom amount as the deadline expires: Previous Matrix ransomware variants often gave the targeted users a four-day deadline to contact the operators. Otherwise, the operators would increase the amount of extortion money with every passing day.
To protect your device from GMPF attackers, be extremely cautious of phishing emails. The majority of ransomware payloads are distributed through phishing emails containing infected attachments. Also, refrain from visiting insecure websites and make sure that your device is not connected to any compromised Remote Desktop Protocol (RDP) connection.