
Matrix-GBLOCK Ransomware

Posted: February 27, 2019

The Matrix-GBLOCK Ransomware is part of the AES-Matrix Ransomware family of file-locking Trojans. Its attacks encrypt the data of files such as documents and pictures so that they will not open, overwrite their names with contact information and extensions, and create RTF ransom notes. Because there are no freeware decryption services for AES-Matrix Ransomware, users will have to block and remove the Matrix-GBLOCK Ransomware preemptively with their anti-malware solutions or use backups for any content recovery.

This Blockade on Your Files Starts with 'G'

The AES-Matrix family is responsible for another campaign of blocking data for ransoms, this time with infection vectors compromising Windows systems in Portugal. These mid-to-late-February attacks could be using brute-force means of breaking logins, e-mail attachments with fake names that trick users into opening them, or broader distribution methods, like exploit kits. Whatever the infiltration method, a Matrix-GBLOCK Ransomware infection is likely to lock most of your PC's media content.

The Matrix-GBLOCK Ransomware makes significant changes to the names of what it blocks, by overwriting the text with semi-random alphanumeric characters, prepending the threat actor's e-mail address (with 'Gman222' being a reference to the urban legend of a mysterious government agent), and appending 'GBLOCK' extensions. No traces of the original contents of the file's name, including its first extension, remain intact.
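The renaming scheme described above gives responders a filename pattern to sweep a file listing for. The following Python sketch is an added example, not code from the original article: the delimiters between the address, the random characters and the extension are assumptions, and the sample paths and address are constructed placeholders.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Assumption: the article gives the order (address, random characters, 'GBLOCK'
# extension) but not the delimiters, so brackets and ., _ or - are all accepted.
RENAMED = re.compile(
    r"^[\[(<]?(?P<contact>[\w.+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+?)[\])>]?"
    r"[._-](?P<random>[A-Za-z0-9]+(?:[-.][A-Za-z0-9]+)*)\.GBLOCK$",
    re.IGNORECASE,
)


def triage(paths):
    """Sort file paths into full-pattern hits and extension-only hits."""
    report = {"renamed": [], "extension_only": [],
              "contacts": Counter(), "folders": Counter()}
    for raw in paths:
        path = PureWindowsPath(raw)  # parses Windows paths on any OS
        match = RENAMED.match(path.name)
        if match:
            report["renamed"].append(raw)
            report["contacts"][match["contact"].lower()] += 1
            report["folders"][str(path.parent)] += 1
        elif path.suffix.upper() == ".GBLOCK":
            # The extension alone is a weaker signal: review by hand.
            report["extension_only"].append(raw)
    return report


# Constructed sample listing; the address is a placeholder, not a real indicator.
SAMPLE = [
    r"C:\Users\ana\Documents\[contact@example.invalid].Qz81LmPa-7TxR04Ke.GBLOCK",
    r"C:\Users\ana\Documents\[contact@example.invalid].b3Nf9sWq-Yk20VdLx.GBLOCK",
    r"C:\Users\ana\Pictures\contact@example.invalid_Hh71PoQa.gblock",
    r"C:\Users\ana\Documents\budget-2019.xlsx",
    r"C:\Users\ana\Desktop\notes.GBLOCK",
]

if __name__ == "__main__":
    result = triage(SAMPLE)
    print(len(result["renamed"]), "renamed files")
    for folder, count in result["folders"].most_common():
        print(f"  {count:3d}  {folder}")
    print("contact addresses:", dict(result["contacts"]))
    print("extension only:", result["extension_only"])
```

The per-folder counts show how far the encryption pass reached, which helps decide what to restore from backup first.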

However, users are more likely to be concerned by the Matrix-GBLOCK Ransomware's encryption, which uses an AES algorithm for encrypting the file data and an RSA one for securing the former. There is no decryptor for the Matrix-GBLOCK Ransomware or the other members of its family, and malware researchers continue to see no evidence of vulnerabilities that would make the creation of one likely. Users, therefore, have the choice of paying the ransom that the Matrix-GBLOCK Ransomware's RTF document demands or losing the files.

Staying Out of the Wrong Block

Classic introduction methods for file-locker Trojans of the Matrix-GBLOCK Ransomware's family include, but aren't limited to, all of the following:

  • E-mail messages may carry attachments that pretend to be invoices, billing disputes, news articles, or other, user-specific content. Standard attack formats include actual documents that embed macros or other vulnerabilities for dropping the Trojan onto your computer.
  • Users without secure logins are at risk from brute-force utilities that criminals can use for 'guessing' account and password combinations. This introduction method could let the remote attacker accomplish other attacks besides installing the Matrix-GBLOCK Ransomware and has close associations with backdoor Trojans or RATs.
  • Some threat actors use 'watering hole' tactics that compromise specific sites and modify their code into running exploit kits, which misuse software vulnerabilities for dropping threatening software onto any visitors' computers.

Disabling document macros and browser scripts, installing security fixes promptly, using complex passwords with extensively-mixed characters and scanning your files before you open them all provide some protection from the above attacks. Even more importantly, only having backups on uncompromised devices guarantees a complete recovery of anything that this Trojan locks. While most anti-malware programs should uninstall the Matrix-GBLOCK Ransomware easily, decryption necessitates a key that only the threat actors can provide.

The Matrix-GBLOCK Ransomware could limit its reach to Portuguese victims or may expand throughout Europe and elsewhere. While its future is up to the criminals renting out this version of the Trojan's family, the future health of your files is up to you – and your backups.
