AES-Matrix Ransomware

Posted: August 23, 2017
Threat Metric
Threat Level: 10/10
Infected PCs: 7

AES-Matrix Ransomware Description

The AES-Matrix Ransomware is a Trojan that locks the files of a PC to hold them for ransom payments. Threat actors are introducing the AES-Matrix Ransomware to systems manually, which makes network and account security protocols particularly important for hindering its distribution. Because its decryption software is bugged, the best available solutions for most users are having backups or using anti-malware products to block and remove the AES-Matrix Ransomware preventatively.

Trojans that Leave You Guessing about the State of Your Files

Trojan campaigns that use encryption as their predominant mode of attack often accompany that feature with a follow-up function that promotes the Trojan's brand by 'tagging' the names of everything it locks. Although non-consensual, this change can also be convenient for the victims, since it lets them identify on sight which files are encoded and which are clean. Without it, as with the new AES-Matrix Ransomware, users have to test each file, one by one, to determine which ones are hostages.

The AES-Matrix Ransomware uses the currently popular installation strategy of manual introduction, after the threat actor has gained remote access to the PC by other methods. A typical infection strategy can include brute-forcing an unsafe password and user name for a server machine, with RDP settings giving the con artist more comprehensive control. When running, the AES-Matrix Ransomware fully encrypts various file formats on the PC and on any Virtual Machines and network-mapped drives that it can access. Like most of the Trojans with this type of payload that malware experts examine, it uses AES (Rijndael) as its encoding algorithm.

The AES-Matrix Ransomware delivers ransoming messages through an RTF file, which a glitch in its code may cause it to duplicate multiple times. However, it doesn't add any visible changes to the names of the encoded content, which could force the user to open each file manually to tell which ones are corrupt.
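Because the locked files keep their original names, a header check can stand in for opening each file by hand. The following is an added example, not part of the original article and not a vendor tool: it flags files whose leading bytes no longer match the format their extension claims, and text files whose content looks random. The signature table, the 7.5 bits-per-byte threshold and every function and file name are assumptions chosen for illustration, and the sample files are constructed.

```python
import hashlib, math, os, tempfile

# Leading signature bytes for a few common formats (deliberately not exhaustive).
MAGIC = {".pdf": b"%PDF-", ".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff",
         ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04"}
TEXT_EXTS = {".txt", ".csv", ".log"}   # no signature; judged by entropy instead

def entropy(data):
    """Shannon entropy in bits per byte: about 4-5 for text, close to 8 for ciphertext."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)

def classify(path, sample=65536, threshold=7.5):
    """Return 'ok', 'suspect' or 'unknown' for one file, reading only its first bytes."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        head = fh.read(sample)
    if ext in MAGIC:                       # known format: header must match
        return "ok" if head.startswith(MAGIC[ext]) else "suspect"
    if ext in TEXT_EXTS:                   # text: near-random bytes are abnormal
        return "suspect" if entropy(head) > threshold else "ok"
    return "unknown"                       # no rule for this type; check by hand

def scan(root):
    """Walk root and map each relative path to its verdict."""
    out = {}
    for d, _, files in os.walk(root):
        for name in files:
            full = os.path.join(d, name)
            out[os.path.relpath(full, root)] = classify(full)
    return out

def demo():
    """Build constructed sample files in a temp directory and scan them."""
    blob = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))
    samples = {"intact.pdf": b"%PDF-1.4\n% constructed sample\n",
               "locked.pdf": blob,                       # stand-in for ciphertext
               "notes.txt": b"quarterly figures, draft 2\n" * 200,
               "locked.txt": blob,
               "data.bin": blob}
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(body)
        return scan(tmp)

if __name__ == "__main__":
    for name, verdict in sorted(demo().items()):
        print(f"{verdict:8} {name}")
```

Run `scan()` against a read-only copy or mounted image of the affected volume rather than the live disk. The entropy test is unreliable for text files under roughly 1 KB, so treat an "ok" on very small files as unverified.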

Why Paying a Trojan's Ransoms Doesn't Pay

The AES-Matrix Ransomware's English instructions for paying to recover your files are typical of its black hat industry. However, the threat actor responsible for the AES-Matrix Ransomware's campaign appears to be either new to programming or operating in bad faith. 'Customers' willing to pay for the decryption program have, so far, been unable to unlock their files, although this buggy decryption software may remain useful for security researchers' analysis.

If possible, disable the Internet connectivity for any machine compromised by the AES-Matrix Ransomware, which is capable of attacking networked drives. Threat actors with access to the system may also take further, potentially unpredictable steps to protect the Trojan or to block standard security features, such as the Volume Shadow Copies (VSC), and other backup resources. Using sufficiently complex passwords and other login credentials can prevent the con artists from using brute-force tactics to infect your PC. Most anti-malware programs should be able to quarantine the AES-Matrix Ransomware for further analysis or delete the AES-Matrix Ransomware in its entirety, when appropriate.

When it comes to trafficking with con artists, there's no such thing as a dependable business agreement. The chance of running into hitches in your file recovery plan after paying to enact it makes threats like the AES-Matrix Ransomware into problems that only good backups can cure.
