A variant of Matrix ransomware that closes file handles before encryption

September 24, 2018 | Simeon Georgiev

Matrix ransomware was first discovered by cybersecurity experts at the end of 2016. In its budding phase, it was only able to lock down the screen. However, the developers of Matrix ransomware have been constantly improving their cryptovirological platform by introducing new variants. The Matrix ransomware family is now fully capable of encrypting stored files.

Last month, a team of malware hunters discovered a new variant of Matrix ransomware that tries to achieve complete encryption of the targeted device by closing all file handles before it starts encrypting. It has also been noted that the new variant, which appends the extension ‘.Fox’ to the locked files, is constantly monitored from the Matrix operators’ command and control center.

It involves slow encryption

Because the new Matrix variant closes file handles by executing a batch file, its encryption process becomes really slow. This limitation gives affected users a chance to disrupt the cryptovirological process midway by taking immediate ransomware removal measures.

As the encryption progresses, a file containing the ransom note appears in every affected folder. The attackers have provided three email addresses in the ransom note. However, they haven’t specified the amount of extortion money for ransomware removal.

The new variant uses two different encryption algorithms to lock down the files: Fox Matrix ransomware combines AES-128 symmetric encryption with RSA-2048 asymmetric encryption.

It is important to note that the new variant doesn’t hide the ongoing encryption activity, as most cryptovirological strains do. A window showing the encryption status opens on the home screen as the strain starts its activity. Through this feature, the operators actually monitor the real-time encryption activity on the affected devices.
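The two traits reported above (files gaining the ‘Fox’ extension and a ransom note appearing in every affected folder) can be combined into a triage check that fires while the slow encryption is still running. The following is an added example, not code from the article or from any vendor; the event-log format, host names and note file name are constructed for illustration.

```python
import ntpath
from collections import defaultdict

# Constructed sample events (not from a real incident): time, host, action, path.
# The log format and README_PLACEHOLDER.rtf are assumptions made for this example.
SAMPLE_EVENTS = r"""
2018-09-24T10:00:01 WS-01 RENAME C:\Users\a\Documents\report.docx.FOX
2018-09-24T10:00:02 WS-01 CREATE C:\Users\a\Documents\README_PLACEHOLDER.rtf
2018-09-24T10:00:40 WS-01 RENAME C:\Users\a\Pictures\trip.jpg.FOX
2018-09-24T10:00:41 WS-01 CREATE C:\Users\a\Pictures\README_PLACEHOLDER.rtf
2018-09-24T10:01:30 WS-01 RENAME C:\Users\a\Desktop\budget.xlsx.fox
2018-09-24T10:01:31 WS-01 RENAME C:\Users\a\Desktop\notes.txt.FOX
2018-09-24T10:01:32 WS-01 CREATE C:\Users\a\Desktop\README_PLACEHOLDER.rtf
2018-09-24T10:02:00 WS-02 CREATE C:\Users\b\Documents\desktop.ini
2018-09-24T10:02:01 WS-02 CREATE C:\Users\b\Pictures\desktop.ini
2018-09-24T10:02:02 WS-02 CREATE C:\Users\b\Music\desktop.ini
"""

def triage(lines, ext=".fox", min_dirs=3):
    """Flag hosts that show BOTH traits: files ending in `ext` and the same
    new file name dropped into at least `min_dirs` different folders."""
    locked = defaultdict(int)                      # host -> count of files ending in ext
    drops = defaultdict(lambda: defaultdict(set))  # host -> file name -> folders seen
    for line in lines:
        parts = line.split(None, 3)                # path may contain spaces
        if len(parts) != 4:
            continue                               # skip blank or malformed lines
        _ts, host, action, path = parts
        folder, name = ntpath.split(path.strip())  # Windows paths on any OS
        if ntpath.splitext(name)[1].lower() == ext:
            locked[host] += 1
        elif action == "CREATE":
            drops[host][name.lower()].add(folder.lower())
    findings = {}
    for host in set(locked) | set(drops):
        notes = sorted(n for n, dirs in drops[host].items() if len(dirs) >= min_dirs)
        # Requiring both signals avoids flagging benign repeats such as desktop.ini.
        if locked[host] and notes:
            findings[host] = {"locked_files": locked[host], "note_candidates": notes}
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS.splitlines()))
```

A host returned by `triage` is a candidate for immediate isolation; the note candidates listed for it are file names to review, not confirmed ransom notes.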

Simeon Georgiev
https://www.linkedin.com/in/simeon--georgiev/
I am a Cyber Security Enthusiast from Bulgaria. I like to write about malware and ransomware and global cyber attacks. You can reach me on Twitter @sgeorgiev1995 or Email: [email protected]