'Matrix9643@yahoo.com' Ransomware

Posted: December 2, 2016

The 'Matrix9643@yahoo.com' Ransomware uses the GNU Privacy Guard (GNUPG) to encrypt the files of its victims, which makes it one of the few crypto-threats that do not rely on the more traditional and common file encryption techniques. Like similar crypto-threats, the 'Matrix9643@yahoo.com' Ransomware may also rely on spam e-mails as its primary method of finding new victims. These e-mails are carefully crafted messages that mislead users into thinking that they need to download the file attachment immediately because it contains important information. However, the attachment usually turns out to be a corrupted file or a macro-laced Office document whose execution may introduce the 'Matrix9643@yahoo.com' Ransomware to the victim's computer.

Once the 'Matrix9643@yahoo.com' Ransomware has been deployed successfully, it launches a simple encryption routine that targets tens of different file types and uses the open-source GNUPG encryption library to lock their contents. Upon completing the encryption, it drops a ransom note in a file called '.MATRIX-KEY.RTF'. The ransom note is written in Russian and English, and it urges users to pay a ransom fee in exchange for helpful advice on how to decrypt their data in the shortest amount of time. The ransom fee is not specified; instead, victims are asked to contact the attackers by sending an e-mail to one of the following addresses: Matrix9643@yahoo.com, Redtablet9643@Yahoo.com, thematrixhasyou9643@yahoo.com, and noliberty9643@yahoo.com. The e-mail message should also include the file '[RANDOM_NUMBER].MATRIX-KEY.bin', which should be located on the victim's Desktop.
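The artifacts described above can be checked for when triaging a suspect machine or a mounted disk image. The following Python script is an added example, not code from the original article: it walks a directory tree, flags files whose names end in the two suffixes named above, and flags files whose first bytes parse as an encrypted OpenPGP packet. It assumes the locked files are standard binary OpenPGP messages, which the article does not state; the function names and labels are this example's own.

```python
import os

# File-name suffixes from the write-up: the ransom note and the
# '[RANDOM_NUMBER].MATRIX-KEY.bin' blob that victims are told to e-mail.
IOC_SUFFIXES = {".matrix-key.rtf": "ransom-note", ".matrix-key.bin": "key-blob"}

# Assumption (not stated on the page): locked files are binary OpenPGP messages.
# Packet tags that can open an encrypted message (RFC 4880, section 4.3),
# mapped to the version octet expected at the start of the packet body
# (None: that packet type carries no version octet).
ENC_TAGS = {1: 3, 3: 4, 9: None, 18: 1}

def openpgp_encrypted(head):
    """Heuristic: do the leading bytes parse as an encrypted OpenPGP packet?"""
    if len(head) < 2 or not head[0] & 0x80:     # bit 7 is set in every header
        return False
    if head[0] & 0x40:                          # new format: tag in bits 5-0
        tag, first = head[0] & 0x3F, head[1]
        if 192 <= first < 224:
            len_octets = 2
        else:
            len_octets = 5 if first == 255 else 1
    else:                                       # old format: tag in bits 5-2
        tag = (head[0] >> 2) & 0x0F
        len_octets = (1, 2, 4, 0)[head[0] & 0x03]
    if tag not in ENC_TAGS:
        return False
    body = head[1 + len_octets:]
    want = ENC_TAGS[tag]
    return want is None or body[:1] == bytes([want])

def classify(path):
    """Label one file, or return None when nothing matches."""
    lowered = os.path.basename(path).lower()
    for suffix, label in IOC_SUFFIXES.items():
        if lowered.endswith(suffix):
            return label
    try:
        with open(path, "rb") as fh:
            head = fh.read(8)
    except OSError:
        return None                             # unreadable: skip, do not abort
    return "openpgp-encrypted?" if openpgp_encrypted(head) else None

def triage(root):
    """Walk root and return sorted (label, path) pairs for every hit."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            label = classify(os.path.join(dirpath, name))
            if label:
                hits.append((label, os.path.join(dirpath, name)))
    return sorted(hits)
```

The header check is a heuristic: legitimately GnuPG-encrypted files match it too, so an "openpgp-encrypted?" hit matters mainly when it appears on documents that should be readable or alongside the note and key-blob names.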

Although there is no information on whether free decryption will be possible, we advise users not to pay the ransom fee that the 'Matrix9643@yahoo.com' Ransomware demands. Paying the ransom does not guarantee that you'll get your files back, as shown by the thousands of ransomware victims who were left empty-handed after they fulfilled the attackers' demands. The best course of action for victims of the 'Matrix9643@yahoo.com' Ransomware is to run an anti-malware tool and wait for it to identify and remove all files related to the file encryption threat. Once the computer is clean, users should attempt to recover their data with third-party utilities, although this may not work flawlessly since the 'Matrix9643@yahoo.com' Ransomware takes the necessary measures to fully delete Shadow Volume Copies.