
Matrix-EMAN Ransomware

Posted: October 2, 2018

The Matrix-EMAN Ransomware is a file-locker Trojan that uses AES encryption to block your digital media. Matrix-EMAN Ransomware infections also may create ransom messages for the decryption solution that restores your files, disable Data Recovery and System Repair features, and hijack your desktop's wallpaper. PCs protected by anti-malware software should delete the Matrix-EMAN Ransomware by default; meanwhile, saving backups to another device gives victims a free recovery option.

The Matrix Ransomware Comes Back for More

Between the Matrix-CHE08 Ransomware, the Matrix-FASTBOB Ransomware, the KOK8 Ransomware, the Matrix-ITLOCK Ransomware, and others, August and September were busy months for the AES-Matrix Ransomware family. As of the last reports by malware researchers, October may be just as productive: the first day of the month already shows a new variant, named the Matrix-EMAN Ransomware. As usual, its attacks appear to use manual installations that give the criminals temporary control over the PC for sabotaging files.

The Matrix-EMAN Ransomware's executable uses a name consisting of random alphanumeric characters and is probably dropped after threat actors compromise arbitrary targets by brute-forcing their logins. The AES-Matrix Ransomware family that the Matrix-EMAN Ransomware belongs to requires a Command & Control network connection for transferring system information and, additionally, some degree of manual control, which it coordinates through a UI panel. Although malware experts note periodic changes in this family's cryptography, they rate it as, overall, secure against most freeware decryption solutions, which is equally true of the media that the Matrix-EMAN Ransomware locks.

In addition to blocking the files, the Matrix-EMAN Ransomware changes their filenames, resets the wallpaper to a ransom-themed warning message, and drops a variant of the family's traditional RTF ransom note inside every folder that holds blocked content. The name edits are significant: the original filename is overwritten with semi-random characters, a bracketed e-mail address for negotiations is added, and an '.EMAN' extension is appended. Malware experts confirm all of these features in past examples of the AES-Matrix Ransomware family, although the Matrix-EMAN Ransomware uses a different extension and address and may be in the hands of a new threat actor.
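The rename pattern above is the quickest way to scope an infection from a file listing, so here is an added triage script (this is not the page's or the malware's own code). It assumes the rename shape the page describes: a bracketed e-mail address somewhere in the name, the original stem replaced by alphanumerics, and a trailing '.EMAN'. The exact ordering of those parts and the sample listing are constructed for this example.

```python
import ntpath
import re
from collections import Counter

# A bracketed negotiation address such as "[someone@example]" anywhere in the name.
EMAIL_IN_BRACKETS = re.compile(r"\[([^\[\]\s@]+@[^\[\]\s@]+)\]")

# Assumed shape of a renamed file: semi-random stem (plus the bracketed
# address) built from a narrow character set, then the '.EMAN' extension.
EMAN_NAME = re.compile(r"^[A-Za-z0-9\[\]@._-]+\.EMAN$", re.IGNORECASE)


def is_eman_name(name):
    """True only when both the extension and the bracketed address are present."""
    return bool(EMAN_NAME.match(name)) and EMAIL_IN_BRACKETS.search(name) is not None


def contact_address(name):
    """Extract the negotiation address embedded in a renamed file, if any."""
    m = EMAIL_IN_BRACKETS.search(name)
    return m.group(1) if m else None


def triage(paths):
    """Scope an incident: which files, which directories, which contact address."""
    # ntpath handles Windows-style paths correctly even when run on Linux.
    encrypted = [p for p in paths if is_eman_name(ntpath.basename(p))]
    by_directory = Counter(ntpath.dirname(p) for p in encrypted)
    addresses = sorted({contact_address(ntpath.basename(p)) for p in encrypted})
    return {
        "encrypted": encrypted,
        "by_directory": dict(by_directory),
        "addresses": addresses,
    }


# Constructed file listing for the example; the address and stems are made up.
SAMPLE_LISTING = [
    r"D:\shares\finance\[eman@contact.example].Kq7Zp2Ab9Xc4.EMAN",
    r"D:\shares\finance\[eman@contact.example].mN3vR8tL1wQ0.EMAN",
    r"D:\shares\finance\Q3-report.xlsx",
    r"D:\shares\hr\[eman@contact.example].Ab12Cd34Ef56.EMAN",
    r"D:\shares\hr\README.txt",
    r"C:\Windows\System32\drivers\etc\hosts",
]

if __name__ == "__main__":
    result = triage(SAMPLE_LISTING)
    print(f"{len(result['encrypted'])} encrypted files")
    for directory, count in result["by_directory"].items():
        print(f"  {directory}: {count}")
    print("contact address(es):", ", ".join(result["addresses"]))
```

Requiring both the extension and the bracketed address keeps a stray legitimate '.eman' file from being counted; the per-directory tally and the extracted address are what an incident report needs to show which shares were reached and which campaign the note belongs to.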

Casting Off the Matrix of Digital Hostage-Taking

For the unsecured servers that are the most typical targets of file-locker Trojans, Matrix-EMAN Ransomware infections represent the weekly deployment of threats that can hold an indefinite number of files hostage in perpetuity. However, malware researchers also connect other security issues to the Matrix-EMAN Ransomware and its AES-Matrix Ransomware relatives. The most notable of these problems include:

  • The Matrix-EMAN Ransomware erases the Shadow Volume Copies, which Windows uses for both automatic and manual backups, to keep users from restoring their locked files.
  • The Matrix-EMAN Ransomware disables the Windows startup recovery features.
  • In some cases, the Matrix-EMAN Ransomware also may perform a 'self-cleanup' that removes the files associated with the infection, although the absence of the Trojan doesn't change the state of your locked media.
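The three behaviours in the list above are visible in process-creation telemetry before the ransom note appears, which makes them a practical detection point. The following is an added example, not code from the page or from the malware: it runs simple rules over constructed, pipe-delimited process-creation records (timestamp, host, user, parent image, command line). The page does not quote the command lines Matrix-EMAN issues, so the rules assume the standard Windows tools for each effect (vssadmin, wmic, wbadmin, bcdedit, and cmd.exe deleting the dropper), and the hostnames, users and paths are made up.

```python
import re
from collections import defaultdict

# Command lines that produce the behaviours listed above. Assumed for this
# example; the page itself does not name the commands Matrix-EMAN runs.
RULES = {
    "shadow_copy_deletion": [
        re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I),
        re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
        re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\s+catalog\b", re.I),
    ],
    "startup_recovery_disabled": [
        re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I),
        re.compile(r"\bbcdedit(\.exe)?\b.*\bbootstatuspolicy\s+ignoreallfailures\b", re.I),
    ],
    # Noisy on its own: cmd.exe deleting an executable, the usual self-cleanup shape.
    "self_cleanup": [
        re.compile(r"\bcmd(\.exe)?\b.*\bdel\b.*\.exe\b", re.I),
    ],
}


def parse_line(line):
    """Split one constructed record: timestamp|host|user|parent image|command line."""
    ts, host, user, parent, cmdline = line.split("|", 4)
    return {"ts": ts, "host": host, "user": user, "parent": parent, "cmdline": cmdline}


def classify(cmdline):
    """Return the sorted rule categories that a command line triggers."""
    return sorted(cat for cat, pats in RULES.items()
                  if any(p.search(cmdline) for p in pats))


def scan(lines):
    """Match every record, then judge each host on the combination it produced."""
    hits, per_host = [], defaultdict(set)
    for line in lines:
        ev = parse_line(line)
        cats = classify(ev["cmdline"])
        if cats:
            hits.append({**ev, "categories": cats})
            per_host[ev["host"]].update(cats)
    # A lone shadow-copy deletion is routine on a backup server; deletion plus
    # disabling startup recovery on the same host is the ransomware signature.
    verdicts = {
        host: {"shadow_copy_deletion", "startup_recovery_disabled"} <= cats
        for host, cats in per_host.items()
    }
    return hits, dict(per_host), verdicts


# Constructed telemetry: SRV01 shows the full sequence from a randomly named
# dropper; SRV02 shows a legitimate backup agent pruning old shadow copies.
SAMPLE_LOG = [
    r"2018-10-01T03:14:07Z|SRV01|SRV01\backup-admin|C:\Users\backup-admin\Desktop\h7Kd92Qx.exe|vssadmin.exe delete shadows /all /quiet",
    r"2018-10-01T03:14:08Z|SRV01|SRV01\backup-admin|C:\Users\backup-admin\Desktop\h7Kd92Qx.exe|bcdedit.exe /set {default} recoveryenabled no",
    r"2018-10-01T03:14:08Z|SRV01|SRV01\backup-admin|C:\Users\backup-admin\Desktop\h7Kd92Qx.exe|bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures",
    r"2018-10-01T03:22:41Z|SRV01|SRV01\backup-admin|C:\Users\backup-admin\Desktop\h7Kd92Qx.exe|cmd.exe /c ping 127.0.0.1 -n 3 > nul & del C:\Users\backup-admin\Desktop\h7Kd92Qx.exe",
    r"2018-10-01T02:00:03Z|SRV02|NT AUTHORITY\SYSTEM|C:\Windows\System32\svchost.exe|vssadmin.exe list shadows",
    r"2018-10-01T02:00:10Z|SRV02|NT AUTHORITY\SYSTEM|C:\Program Files\Backup\agent.exe|vssadmin.exe delete shadows /for=D: /oldest /quiet",
]

if __name__ == "__main__":
    hits, per_host, verdicts = scan(SAMPLE_LOG)
    for h in hits:
        print(h["ts"], h["host"], ",".join(h["categories"]), "<-", h["cmdline"])
    for host, flagged in verdicts.items():
        print(host, "RANSOMWARE-LIKE" if flagged else "review", sorted(per_host[host]))
```

The per-host combination is the useful part: shadow-copy deletion alone fires on every backup server, whereas a single parent image that deletes shadow copies, turns off startup recovery and then removes its own executable from a user's desktop is the sequence the list above describes. The parent image is carried through in each hit so an analyst can pivot from the verdict to the random-named dropper.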

Affected users should change their login credentials, where appropriate, and have anti-malware products analyze the PC and remove the Matrix-EMAN Ransomware and any other threats that may be present. Barring unexpected bugs in the Matrix-EMAN Ransomware's operations, having other backups on a secondary device is the only way of retrieving your files without risking a ransom payment.

If it holds true to tradition, a Matrix-EMAN Ransomware infection is an easily-avoidable consequence of running a server without appropriate login credentials securing it. There's always a price to be paid for using a too-easy password or username, even if that cost isn't immediately obvious.
