
AES-Matrix Ransomware

Posted: August 23, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 7
First Seen: August 23, 2017
Last Seen: March 31, 2019
OS(es) Affected: Windows

The AES-Matrix Ransomware is a Trojan that locks the files of a PC to hold them for ransom payments. Threat actors are introducing the AES-Matrix Ransomware to systems manually, which makes network and account security protocols particularly important for hindering its distribution. Because its decryption software is buggy, keeping backups, or blocking and removing the AES-Matrix Ransomware preventively with anti-malware products, are the best available solutions for most users.

Trojans that Leave You Guessing about the State of Your Files

Trojan campaigns that use encryption as their predominant mode of attack often pair that feature with a follow-up function that promotes the Trojan's brand by 'tagging' the names of everything it locks. Although non-consensual, this change can also be convenient for the victims, since it lets them identify on sight which files are encoded and which are clean. Otherwise, as with the new AES-Matrix Ransomware, users have to test each file, one by one, to determine which ones are hostages.

The AES-Matrix Ransomware uses the currently in-vogue installation strategy of manual introduction after the threat actor gains remote access to the PC by other means. A typical infection strategy can include brute-forcing an unsafe password and user name for a server machine, with RDP access giving the con artist more comprehensive control. When running, the AES-Matrix Ransomware fully encrypts files of various formats on both the PC and any virtual machines and network-mapped drives it can access. Like most of the Trojans of this type that malware experts examine, it uses AES (Rijndael) for its encoding algorithm.

The AES-Matrix Ransomware delivers its ransom messages through an RTF file, which a glitch in its code may cause it to duplicate multiple times. However, it doesn't make any visible changes to the names of the encoded content, which could force the user to open each file manually to tell which ones are encrypted.
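Because this Trojan leaves file names untouched, a responder has no extension to search for and would otherwise open files one at a time. The following triage script is an added example, not code from the original article or from any vendor tool: it reads the first few kilobytes of every file under a directory and flags a file as suspect when its extension implies a fixed header that is missing (fully encrypted PDFs, PNGs and Office documents lose their signature), or, for formats without a signature, when the head has the near-8-bits-per-byte entropy that AES output shows. The signature table, the 7.5-bit threshold and the sample files it builds are assumptions constructed for the example.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Assumed tuning values for this example: AES output averages close to 8 bits of
# entropy per byte, so 7.5 separates ciphertext from most documents. Tune on real data.
ENTROPY_THRESHOLD = 7.5
SAMPLE_BYTES = 4096  # bytes read from the head of each file

# Signatures a clean file of the given extension is expected to start with.
# Only a handful of formats are listed here; extend for the environment you triage.
EXPECTED_MAGIC = {
    ".pdf": (b"%PDF-",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".zip": (b"PK\x03\x04",),
    ".docx": (b"PK\x03\x04",),
    ".xlsx": (b"PK\x03\x04",),
}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of the given buffer (0.0 for empty input)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())


def classify_head(name: str, head: bytes) -> str:
    """Label a file from its name and leading bytes.

    'suspect-signature': the extension implies a fixed header that is absent.
    'suspect-entropy'  : no usable signature, but the head looks like ciphertext.
    'clean'            : signature present, or low-entropy content.
    'empty'            : zero-length file.
    """
    if not head:
        return "empty"
    expected = EXPECTED_MAGIC.get(Path(name).suffix.lower())
    if expected:
        # Full-file encryption replaces the header, so a missing signature is
        # a stronger signal than entropy for these formats.
        if any(head.startswith(magic) for magic in expected):
            return "clean"
        return "suspect-signature"
    # Text files and unknown extensions have no signature to check; fall back to
    # entropy. Clean compressed media would also score high, which is why those
    # formats are handled by signature above rather than here.
    if shannon_entropy(head) >= ENTROPY_THRESHOLD:
        return "suspect-entropy"
    return "clean"


def scan_tree(root: str) -> dict:
    """Classify every file under root; returns {relative path: label}."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            with open(full, "rb") as fh:
                head = fh.read(SAMPLE_BYTES)
            results[os.path.relpath(full, root)] = classify_head(fname, head)
    return results


def build_demo_tree() -> str:
    """Constructed sample files (not real samples) so the scan runs offline."""
    root = tempfile.mkdtemp(prefix="triage_demo_")
    Path(root, "report.pdf").write_bytes(b"%PDF-1.7\n" + b"stream data " * 300)
    Path(root, "notes.txt").write_bytes(b"quarterly planning notes\n" * 150)
    # os.urandom stands in for ciphertext: same statistical profile as AES output.
    Path(root, "invoice.pdf").write_bytes(os.urandom(SAMPLE_BYTES))
    Path(root, "memo.txt").write_bytes(os.urandom(SAMPLE_BYTES))
    return root


if __name__ == "__main__":
    demo = build_demo_tree()
    for path, label in sorted(scan_tree(demo).items()):
        print(f"{label:18} {path}")
```

Run it against a mounted copy of the affected volume rather than the live machine, and treat the result as a worklist for restoration from backup: a ransomware family that encrypted only part of each file and left headers intact would slip past the signature check, which is why the entropy fallback is kept for formats that have no signature.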

Why Paying a Trojan's Ransoms Doesn't Pay

The AES-Matrix Ransomware's English instructions for paying to recover your files aren't atypical of its black hat industry. However, the threat actor responsible for the AES-Matrix Ransomware's campaign appears to be either new to programming or operating in bad faith. 'Customers' willing to pay for the decryption program have, so far, been unable to unlock their files, although this buggy decryption software may still be useful for security researchers' analysis.

If possible, disable the Internet connectivity of any machine compromised by the AES-Matrix Ransomware, which is capable of attacking networked drives. Threat actors with access to the system also may take further, potentially unpredictable steps to protect the Trojan or block standard security features, such as the Volume Shadow Copy service (VSC) and other backup resources. Using sufficiently complex passwords and other login credentials can prevent con artists from brute-forcing their way into your PC. Most anti-malware programs should be able to quarantine the AES-Matrix Ransomware for further analysis or delete the AES-Matrix Ransomware in its entirety, when appropriate.
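The manual-deployment chain described above (password guessing against an exposed RDP service, followed by a successful logon and then the Trojan) leaves a recognisable trail in the Windows Security log: a burst of event 4625 (failed logon) records with logon type 10 (RemoteInteractive, i.e. RDP) from one source address, followed by a 4624 (successful logon) of the same type from that address. The detector below is an added example, not the article's or any vendor's code. The event IDs and logon type are real Windows values; the pipe-separated record layout, the five-failures-in-five-minutes threshold and the sample records are assumptions constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed tuning values for this example; adjust to the server's normal failure rate.
FAIL_THRESHOLD = 5            # RDP failures from one source inside WINDOW
WINDOW = timedelta(minutes=5)
RDP_LOGON_TYPE = "10"         # RemoteInteractive (RDP) in Windows Security events
EVENT_FAILED = "4625"         # "An account failed to log on"
EVENT_SUCCESS = "4624"        # "An account was successfully logged on"

# Constructed sample records in a simplified pipe-separated layout
# (timestamp|event_id|logon_type|account|source_ip). Real records come from the
# Security log as EVTX/XML; this flattening is an assumption made for the example.
SAMPLE_EVENTS = """\
2017-08-21T02:14:01|4625|10|administrator|203.0.113.7
2017-08-21T02:14:03|4625|10|admin|203.0.113.7
2017-08-21T02:14:05|4625|10|administrator|203.0.113.7
2017-08-21T02:14:06|4625|10|sa|203.0.113.7
2017-08-21T02:14:09|4625|10|backup|203.0.113.7
2017-08-21T02:14:40|4624|10|backup|203.0.113.7
2017-08-21T08:02:11|4625|10|jsmith|192.0.2.20
2017-08-21T08:02:30|4624|10|jsmith|192.0.2.20
2017-08-21T09:10:00|4625|2|jsmith|127.0.0.1
"""


def parse_events(text: str) -> list:
    """Turn the flattened records into (timestamp, event_id, logon_type, account, ip)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, account, ip = line.split("|")
        events.append((datetime.fromisoformat(ts), event_id, logon_type, account, ip))
    return events


def detect_rdp_bruteforce(events: list) -> dict:
    """Return {source_ip: verdict} for sources whose RDP activity crosses the threshold.

    'brute-force'              : FAIL_THRESHOLD or more failed RDP logons inside WINDOW.
    'brute-force-then-success' : a successful RDP logon from that source shortly after
                                 the burst, the pattern that precedes a manual deployment.
    """
    recent_failures = defaultdict(deque)  # ip -> timestamps of failures inside WINDOW
    verdicts = {}
    for ts, event_id, logon_type, _account, ip in sorted(events):
        if logon_type != RDP_LOGON_TYPE:
            continue  # console, service and network logons are out of scope here
        window = recent_failures[ip]
        while window and ts - window[0] > WINDOW:
            window.popleft()  # drop failures that have aged out of the window
        if event_id == EVENT_FAILED:
            window.append(ts)
            if len(window) >= FAIL_THRESHOLD:
                verdicts.setdefault(ip, "brute-force")
        elif event_id == EVENT_SUCCESS and window and verdicts.get(ip) == "brute-force":
            # A non-empty window means a failure occurred within WINDOW of this success.
            verdicts[ip] = "brute-force-then-success"
    return verdicts


if __name__ == "__main__":
    for ip, verdict in detect_rdp_bruteforce(parse_events(SAMPLE_EVENTS)).items():
        print(f"{ip}: {verdict}")
```

A 'brute-force-then-success' verdict is the one to act on immediately, since it indicates the guessed credentials worked and an interactive session now exists; the isolation step the article recommends applies to that host before any file triage. Detection like this complements, rather than replaces, strong credentials and an account lockout threshold, and it only works if the Security log is forwarded off the host before an intruder with administrative access can clear it.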

When it comes to trafficking with con artists, there's no such thing as a dependable business agreement. The chance of running into hitches in your file recovery plan after paying to enact it makes threats like the AES-Matrix Ransomware into problems that only good backups can cure.
