Cryptovirological operators mostly target networks of multiple computers. Doing so increases the chance that the affected entity will pay the ransom to obtain a ransomware removal solution. That is the general trend we have seen with ransomware attacks over the last couple of years. However, some ransomware developers have chosen a different approach.
For instance, a recent ransomware report found that strains like Matrix focus on single machines and devices with weak or unprofessionally secured Remote Desktop Protocol (RDP) access. Experts are of the opinion that Matrix operators have adopted this strategy to remain under the radar.
By targeting individual users and small players, Matrix developers try to stay off the priority list of cyber security experts and ransomware removal professionals. Experts have also discovered that Matrix ransomware operators tailor the ransom note for each individual target.
For instance, they don't put an extortion amount in the ransom note, unlike other organized and mass-spread cryptovirological strains such as SamSam or NotPetya. Instead, the ransom note, which pops up on the affected device once encryption completes, asks the affected user to email them some of the affected files. Matrix operators then set the extortion demand for the ransomware removal key after assessing the nature of the data and its importance to the user.
Brute-Forcing: The Infiltration Technique Used by Matrix Operators
Since Matrix operators mostly reach their victims through weakly secured RDP, brute-force cracking is their main tool for infiltrating a machine. Even novice hackers can easily get into RDP services that are protected by weak login credentials. So brute-forcing by Matrix operators remains effective in most cases.
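On the defensive side, this kind of RDP brute-forcing leaves a visible trail of failed logons. The following is an added example, not part of the original article: a small detector that flags a source address with a burst of failed RDP logons and notes a successful logon that follows it. The CSV layout, the threshold and the sample rows are assumptions made for the illustration.

```python
import csv, io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of Security-log rows exported to CSV (illustrative columns;
# IPs are documentation ranges). 4625 = failed logon, 4624 = successful logon.
SAMPLE = """time,event_id,logon_type,account,source_ip
2024-01-10T02:00:01,4625,3,administrator,203.0.113.7
2024-01-10T02:00:09,4625,3,administrator,203.0.113.7
2024-01-10T02:00:17,4625,3,admin,203.0.113.7
2024-01-10T02:00:25,4625,3,admin,203.0.113.7
2024-01-10T02:00:33,4625,3,user,203.0.113.7
2024-01-10T02:00:41,4625,3,admin,203.0.113.7
2024-01-10T02:01:30,4624,10,admin,203.0.113.7
2024-01-10T09:12:00,4625,10,j.smith,198.51.100.20
2024-01-10T09:12:40,4624,10,j.smith,198.51.100.20
2024-01-10T09:30:00,4625,2,j.smith,-
"""

# Logon type 10 is RemoteInteractive (RDP); with NLA, failed RDP logons appear as type 3.
RDP_LOGON_TYPES = {"3", "10"}

def detect_rdp_bruteforce(csv_text, threshold=5, window=timedelta(minutes=2)):
    """Flag source IPs with >= threshold failed RDP logons inside the window,
    and note any successful logon from the same IP after the burst."""
    recent = defaultdict(deque)   # ip -> (time, account) of recent failures
    findings = {}
    rows = sorted(csv.DictReader(io.StringIO(csv_text)), key=lambda r: r["time"])
    for row in rows:
        if row["logon_type"] not in RDP_LOGON_TYPES:
            continue              # ignore console and other non-remote logons
        ts, ip = datetime.fromisoformat(row["time"]), row["source_ip"]
        if row["event_id"] == "4625":
            q = recent[ip]
            q.append((ts, row["account"]))
            while ts - q[0][0] > window:      # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                f = findings.setdefault(
                    ip, {"failures": 0, "accounts": set(), "success_after": None})
                f["failures"] = max(f["failures"], len(q))
                f["accounts"].update(acct for _, acct in q)
        elif row["event_id"] == "4624" and ip in findings:
            findings[ip]["success_after"] = row["account"]  # possible compromise
    return findings

if __name__ == "__main__":
    for ip, info in detect_rdp_bruteforce(SAMPLE).items():
        print(ip, info)
```

A single mistyped password followed by a successful logon, as in the second address of the sample, stays below the threshold and is not flagged.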
Matrix Ransomware Is Not Tailored Professionally
Not all cybercriminals have the same level of professionalism. Some carry out their activities in a military-grade, organized way. Then there are those with the bare minimum of malicious expertise. Matrix operators belong to the latter group. Researchers who have monitored different samples of Matrix infections are of the opinion that its developers are not trained cryptovirological experts. They have found many incomplete features in the malware used by the attackers.
No Definite Geographical Pattern Is Followed
Many ransomware operators focus their activity on a particular region. However, the reported Matrix infections show no definite geographical pattern. Most Matrix infections have been reported in the US, followed by Belgium. Other larger centers of Matrix ransomware activity include Singapore, Germany, Brazil and South Africa. So it is quite evident that Matrix operators haven't picked a particular geographical radius for their activity.
Make data backups to neutralize the effect of any possible ransomware attack. Moreover, call ransomware removal professionals instead of cybercriminals to get back your locked-down data.