Matrix, the ransomware that analyzes the victims’ files to define the ransom payment

A new variant of malicious software is used to perform specially targeted attacks

According to network security and ethical hacking specialists from the International Institute of Cyber Security, ransomware remains one of the main threats that organizations face, regardless of their size or sector. Recently, an outbreak of new malicious software, known as Matrix, has been detected.

Some variants of the Matrix ransomware had been detected earlier, although recent reports reveal that this new outbreak of infections has some relevant differences, including some new infection traits.

Matrix targets endpoints through Windows Remote Desktop Protocol (RDP) services, probably using brute-force attacks on Internet-connected computers to access systems, as reported by network security experts.

During encryption, Matrix hides the original name of the files, adding its own extension (.MTXLOCK); so far there is no tool to remove the encryption imposed by this ransomware.

Like many other ransomware variants, Matrix tries to delete the snapshots taken by Windows Shadow Copy (a service that creates backup copies of the files on the user’s machine) to prevent users from easily restoring their information.

Network security specialists comment that, unlike other malicious software families, Matrix does not require a cryptocurrency ransom payment. Instead, hackers try to define the profile of the victim to perform a specially targeted attack.

The criminals ask the victim to send some samples of their encrypted files, in addition to the KEYIDS.KLST file, which the malware drops on the victim’s desktop. The attackers then decrypt these files and, with the information contained in them, try to determine the profile of the victim and the nature of the encrypted information, so that they can set a ransom demand according to the value of the data and the economic resources of the victim.

This feature could be especially risky for companies. Conventional ransomware attacks do not consider the nature of the compromised information; Matrix, however, scales the attack according to the resources it can obtain from the victim. In other words, the bigger the fish, the greater the reward.

There have been reports of cases in which Matrix managed to disable various security software solutions, as the ransomware is able to confront anti-virus solutions instead of trying to evade them. In addition, the incentives that the attackers have in mind are large enough to risk deploying the infection.
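
The two on-disk artifacts named above, the .MTXLOCK extension and the KEYIDS.KLST file, can be used to scope which directories were hit during incident response. The following read-only triage script is an added example, not part of the original report; the function names are hypothetical, the sample tree is constructed, and case-insensitive matching is an assumption based on Windows file-name behaviour.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_EXT = ".mtxlock"     # extension the article says Matrix appends
KEY_LIST_NAME = "keyids.klst"  # file the article says is left on the desktop


def scope_matrix_artifacts(root):
    """Walk `root` and summarise Matrix artifacts without modifying anything.

    Returns (per_dir, key_lists, unreadable): a Counter of encrypted-file
    counts keyed by directory, the paths of KEYIDS.KLST copies, and the
    directories that could not be listed, so the report shows its blind spots.
    """
    per_dir, key_lists, unreadable = Counter(), [], []

    def on_error(err):
        unreadable.append(err.filename)

    for dirpath, _dirs, files in os.walk(root, onerror=on_error):
        for name in files:
            lowered = name.lower()  # assumption: match case-insensitively
            if lowered == KEY_LIST_NAME:
                key_lists.append(os.path.join(dirpath, name))
            elif lowered.endswith(ENCRYPTED_EXT):
                per_dir[dirpath] += 1
    return per_dir, sorted(key_lists), unreadable


def build_sample_tree(base):
    """Constructed sample data: a fake user profile with empty marker files."""
    layout = {
        "Desktop": ["KEYIDS.KLST", "a1b2.MTXLOCK"],
        "Documents": ["x.MTXLOCK", "y.mtxlock", "notes.txt"],
        "Pictures": ["holiday.jpg"],
    }
    for folder, names in layout.items():
        target = Path(base, folder)
        target.mkdir(parents=True)
        for name in names:
            (target / name).write_bytes(b"")
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        hits, keys, skipped = scope_matrix_artifacts(build_sample_tree(tmp))
        for directory, count in hits.most_common():
            print(f"{count:5d}  {directory}")
        print("key list files:", keys, "| unreadable:", skipped)
```

On a real host, run it against a forensic image or read-only mount rather than the live system, and preserve any KEYIDS.KLST copies it finds as evidence.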