Matrix Ransomware file-encrypting virus: Removal Guide

As technology advances, so does the tenacity of cyber-criminals. We therefore need to stay aware and ready to face any situation by gathering information about the various digital threats that are surfacing.

Technology is like a coin with both a positive and a negative side. Used positively, it makes our work easier and faster. However, it can also be harmful and destructive if used for a nefarious purpose.

On December 1, 2016, an extremely dangerous Ransomware known as Matrix Ransomware appeared.

What is Ransomware?

Ransomware is the most dangerous type of computer virus one can encounter. It encrypts all the data on the victim’s computer, making it impossible to decrypt. All data, including personal files, is compromised, as all of it is distorted.

How does it attack the system?

It reaches the system in the form of spam emails that look like job resumes, offers, invoices and so on. Once you click on such email messages from unknown sources, they download a script that encrypts data. Once the task is completed, your system becomes unusable and you get a note that demands a ransom. It is very difficult to get hold of these cyber criminals, as the Internet makes it easy for them to get into anybody’s system. It is easy for Ransomware to breach defenses and exploit a computer system or network by finding system vulnerabilities.

Matrix Ransomware

Matrix Ransomware works as a Crypto Trojan. It distorts files using a combination of the AES and RSA encryption algorithms. Matrix Ransomware targets bilingual speakers, as the note displayed on the system is in English and Russian. It is assumed that the Ransomware was developed by Russian hackers, as the note first appears in Russian. Once the encryption is successful, it places a file named ‘matrix-readme.rtf’ in each encrypted folder with the message demanding the ransom. It also appends the “.matrix” extension to the name of each encrypted file.
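The two traces described above (the ‘matrix-readme.rtf’ note and the “.matrix” extension) can be used to find out which folders were hit before you restore from backup. The following Python script is an added example, not part of the original guide; the function names and the sample folder layout are constructed for illustration, and the sample files are empty placeholders.

```python
import os
import tempfile
from collections import defaultdict

NOTE_NAME = "matrix-readme.rtf"   # ransom note name given in the article
ENC_SUFFIX = ".matrix"            # extension appended to encrypted files


def scan_tree(root):
    """Return {folder: {"note": bool, "encrypted": [names]}} for affected folders."""
    hits = defaultdict(lambda: {"note": False, "encrypted": []})
    for folder, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            lower = name.lower()  # Windows file names are case-insensitive
            if lower == NOTE_NAME:
                hits[folder]["note"] = True
            elif lower.endswith(ENC_SUFFIX):
                hits[folder]["encrypted"].append(name)
    return dict(hits)


def summarize(hits):
    """Count affected folders and files; list folders holding a note but no .matrix files."""
    return {
        "folders": len(hits),
        "encrypted_files": sum(len(h["encrypted"]) for h in hits.values()),
        "note_only": sorted(f for f, h in hits.items() if h["note"] and not h["encrypted"]),
    }


def build_sample_tree(root):
    """Constructed sample data: empty placeholder files, not real malware output."""
    layout = {
        "Documents": ["report.docx.matrix", "budget.xlsx.MATRIX", NOTE_NAME],
        "Pictures": ["holiday.jpg"],
        "Desktop": ["Matrix-Readme.rtf"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub))
        for name in names:
            open(os.path.join(root, sub, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = scan_tree(tmp)
        for folder, info in sorted(result.items()):
            print(folder, "note" if info["note"] else "-", len(info["encrypted"]))
        print(summarize(result))
```

To check a real drive or a mounted backup, call scan_tree() with its path instead of the temporary sample folder.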

Once the system is taken over, the user sees a wallpaper with counterfeit messages. This wallpaper carries an FBI logo and claims that the device has been blocked due to illegal activity and that pornographic content has been detected.

This message frightens naïve and inexperienced users, and they become victims of this menace. In the message, the hackers ask to be contacted via the email addresses thematrixhasyou9643@yahoo.com or cremreihanob1979@yandex.ru.

Do not fall for such tricks; do not attempt to contact these cyber criminals or pay any ransom.

Preventive measures to save data from viruses

It is always recommended to use an updated anti-virus to protect your system from such attacks.

Anti-viruses are not 100% effective in controlling Ransomware. Therefore, one must always take a synchronous backup and use cloud services to safeguard data. Also, check what you click, install, or download on your computer, as such threats are often disguised as legitimate files and add-ons. Never open any vague email before checking the sender’s email address. If you have any doubt, do not open any attachments.

How to delete the Matrix Ransomware

Removing the Matrix virus using Safe Mode with Networking:

Windows 7:

  1. Start your computer in Safe Mode with Networking. To do so, while the system is booting, keep pressing the F8 key until you see the Windows Advanced Options menu. Then select Safe Mode with Networking from the list.

Once you are logged into Safe Mode with Networking, run an updated anti-virus to clean the infection or restore the system to an earlier point.

Windows 8/8.1 and 10:

To start Windows 8 in Safe Mode with Networking:

  • Press the Windows key + C, and then click Settings
  • Click Startup Settings
  • Now click Troubleshoot
  • Click Power, hold down Shift on your keyboard and then click Restart
  • Select Advanced options
  • Now click Restart
  • To enable Safe Mode with Networking, press 5. Windows will start in Safe Mode with Networking.

Once you are logged into Safe Mode with Networking, run an updated anti-virus to clean the infection or restore the system to an earlier point.

  • When you are finished doing system restore, repeat steps 1-6 and press Enter to return to Normal Windows.

Prevention is always better than cure, and this holds true when it comes to Ransomware. Users must know that Ransomware and other such Crypto-Viruses are extremely harmful and that, once encrypted, files are nearly impossible to recover. Therefore, it is best to become more aware of such threats and stay as clear of them as possible.
