Matrix ransomware was first discovered by cybersecurity experts at the end of 2016. In its budding phase, it was only able to lock down the screen. However, the developers of Matrix ransomware have been constantly improving their cryptovirological platform by introducing new variants. The Matrix ransomware family is now fully capable of encrypting stored files.
Last month, a team of malware hunters discovered a new variant of Matrix ransomware that tries to encrypt everything on the targeted device by closing all open file handles before it starts encrypting. It has also been noted that the new variant, which appends the ‘.Fox’ extension to locked files, is constantly monitored from the Matrix operators’ command and control center.
It involves slow encryption
Because the new Matrix variant also closes file handles by executing a batch file, its encryption process becomes really slow. This limitation of the strain gives affected users a chance to interrupt the cryptovirological process midway by taking immediate ransomware removal measures.
As the encryption progresses, a file containing the ransom note appears in every affected folder. The attackers have provided three email addresses in the ransom note. However, they haven’t specified the amount of extortion money for ransomware removal.
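The slow, folder-by-folder behaviour described above can be turned into an early-warning check. The following is an added example, not code from the original article or from any vendor: it walks a stream of file events and reports the first moment the same newly created file (a likely ransom note) has appeared in several folders that also contain files with the ‘.Fox’ extension. The event tuple format, the threshold of three folders, the note name NOTE_PLACEHOLDER.rtf and all sample paths are assumptions constructed for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

LOCKED_EXT = ".fox"  # extension named in the article; matched case-insensitively
MIN_DIRS = 3         # assumed threshold; tune for the environment

# Constructed sample events: (seconds since start, action, path).
# NOTE_PLACEHOLDER.rtf is a placeholder; the article does not name the note file.
SAMPLE_EVENTS = [
    (0, "rename", r"C:\Users\a\Documents\report.docx.FOX"),
    (1, "create", r"C:\Users\a\Documents\NOTE_PLACEHOLDER.rtf"),
    (40, "rename", r"C:\Users\a\Pictures\img1.jpg.FOX"),
    (41, "create", r"C:\Users\a\Pictures\NOTE_PLACEHOLDER.rtf"),
    (90, "rename", r"C:\Users\a\Desktop\todo.txt.fox"),
    (91, "create", r"C:\Users\a\Desktop\NOTE_PLACEHOLDER.rtf"),
    (95, "create", r"C:\Users\a\Downloads\setup.exe"),
    (96, "create", r"C:\Users\a\Desktop\desktop.ini"),   # benign noise
    (97, "create", r"C:\Users\a\Pictures\desktop.ini"),  # benign noise
]


def first_alert(events, min_dirs=MIN_DIRS):
    """Return (timestamp, note_name, folders) for the first event at which one
    newly created file name is present in at least `min_dirs` folders that
    also hold a locked (.fox) file, or None if that never happens."""
    locked_dirs = set()          # folders where a .fox file has appeared
    created = defaultdict(set)   # lower-cased file name -> folders it was created in
    for ts, action, path in sorted(events):
        p = PureWindowsPath(path)
        if p.suffix.lower() == LOCKED_EXT:
            locked_dirs.add(p.parent)
        elif action == "create":
            created[p.name.lower()].add(p.parent)
        # Re-check after every event so the alert fires as early as possible.
        for name, dirs in created.items():
            hit = dirs & locked_dirs
            if len(hit) >= min_dirs:
                return ts, name, sorted(str(d) for d in hit)
    return None


if __name__ == "__main__":
    print(first_alert(SAMPLE_EVENTS))
```

Requiring both signals together keeps ordinary files that repeat across folders, such as desktop.ini, from raising an alert on their own.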
The new variant of ransomware uses two different encryption algorithms to lock down the files: Fox Matrix ransomware combines AES-128 symmetric encryption with RSA-2048 asymmetric encryption.
It is important to note that the new variant of ransomware doesn’t hide the ongoing encryption activity the way most cryptovirological strains do. A window showing encryption status opens on the home screen as the strain starts its activity. Through this feature, the operators actually monitor the real-time encryption activity on the affected devices.