Malwarebytes security researcher Jerome Segura has found that Matrix ransomware, first seen in late 2016, is now being distributed through the RIG exploit kit.

The ransomware is delivered by the exploit kit from websites serving malvertising, which exploits vulnerabilities in Internet Explorer (CVE-2016-0189) and Flash Player (CVE-2015-8651). The infection chain is simple: when a user running an unpatched, outdated version of Internet Explorer or Flash Player visits a page carrying the malicious advertisement, simply loading the page is enough for the exploit kit to drop and run the ransomware. The ransomware then begins encrypting files, scrambles the original file names and appends the extension [email protected] to each scrambled name.

In every folder where it encrypts files the ransomware also drops a ransom note named #_#WhatWrongWithMyFiles#_#.rtf. When encryption finishes it displays the note, which explains what happened to the files and how to pay. The note states that the victim has 96 hours to recover their data, after which the unique key will be deleted and the files can no longer be recovered; that the ransom amount increases automatically every 6 hours; and that the victim must send their unique ID to the e-mail address given in the note to receive further instructions.
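Because Matrix leaves its note in every folder it encrypted, the note file name is a reliable marker for scoping an infection during response. The script below is an added triage example (not code from the article or from Malwarebytes): it builds a small constructed directory tree with hypothetical scrambled file names (the real extension is not reproduced here), then walks the tree and reports each folder that contains the note together with the files sitting next to it, which are the ones to preserve rather than delete.

```python
import os
import tempfile
from pathlib import Path

# Note file name the article reports Matrix drops in each encrypted folder.
RANSOM_NOTE = "#_#WhatWrongWithMyFiles#_#.rtf"


def build_sample_tree() -> Path:
    """Constructed sample for this example: two 'encrypted' folders holding the
    note plus scrambled file names, and one untouched folder."""
    root = Path(tempfile.mkdtemp(prefix="matrix_triage_"))
    # Hypothetical scrambled names; the real Matrix extension is not used here.
    layout = {
        "Documents": [RANSOM_NOTE, "k8Fz3Q1x.enc", "Tb0pLm2v.enc"],
        "Pictures": [RANSOM_NOTE, "Qw9Ee7Rr.enc"],
        "Music": ["song.mp3", "album.flac"],
    }
    for folder, names in layout.items():
        d = root / folder
        d.mkdir()
        for name in names:
            (d / name).write_bytes(b"x")
    return root


def scan_for_ransom_notes(root, note_name=RANSOM_NOTE):
    """Walk root and return {folder: [sibling files]} for every folder that
    contains the ransom note. Folders without the note are not reported."""
    hits = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        if note_name in filenames:
            hits[dirpath] = sorted(f for f in filenames if f != note_name)
    return hits


def summarize(hits):
    """Return (number of affected folders, number of files found beside notes)."""
    folders = len(hits)
    files = sum(len(v) for v in hits.values())
    return folders, files


if __name__ == "__main__":
    root = build_sample_tree()
    hits = scan_for_ransom_notes(root)
    for folder, files in hits.items():
        print(f"{folder}: {len(files)} files alongside the note")
    print("affected folders: %d, files: %d" % summarize(hits))
```

Run it against the root of a suspect volume (replacing `build_sample_tree()` with the real path) to get an inventory of affected folders before any cleanup, and keep the note file itself, since the unique ID it contains is what the recovery instructions reference.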
Users are advised to install all Windows security and software updates on their devices to avoid infection by Matrix ransomware.

Always follow these basic instructions to protect yourself from any ransomware attack:

- Keep the operating system and third-party applications (MS Office, Flash Player, browsers, browser plugins) up to date with the latest patches. In this case, make sure the Internet Explorer and Flash Player fixes for CVE-2016-0189 and CVE-2015-8651 are installed, and also check that the EternalBlue vulnerability patch is applied.
- Perform regular backups. Ideally, this data should be kept on a separate device, and backups should be stored offline.
- Maintain updated antivirus software on all systems.
- Don't open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited e-mail, even if the link seems benign. If you believe the URL is genuine, close the e-mail and go to the organization's website directly in the browser.
About the Author

Ashique is a self-motivated and passionate security analyst with good knowledge of computer networking, security analysis, vulnerability assessment and penetration testing.