
Matrix-MDEN Ransomware

Posted: March 28, 2019

The Matrix-MDEN Ransomware is a file-locking Trojan from the AES-Matrix Ransomware family. It uses AES encryption to keep your media files from opening and then delivers its ransom demands in an RTF document. Users should back up their work, both for safety and for free recovery, and rely on reputable anti-malware software to delete the Matrix-MDEN Ransomware.

The Matrix Comes to China

One of the smaller file-locking Trojan families is starting a fresh campaign, this time in China. Although the Matrix-MDEN Ransomware's overarching AES-Matrix family is not nearly as large as competitors like the Russia-oriented Scarab Ransomware, it secures its encryption well enough to be a permanent hazard to your files with no free way of reversing it. The Matrix-MDEN Ransomware is infecting users' PCs at the same time as a variant that uses the 'SDEN' extension and shares the same e-mail account.

The most likely infection vector for the Matrix-MDEN Ransomware is a Remote Desktop-based attack in which threat actors gain backdoor access to a vulnerable Windows machine. Once running, the Matrix-MDEN Ransomware locks files with AES and may run additional checks to close any 'in-use' files so that it can encrypt them too. Users watching the operation may see CMD windows that the attacker uses to monitor the process.

The filenames are altered significantly as well, showing bracketed e-mail addresses, semi-random characters, and the Matrix-MDEN Ransomware's titular 'MDEN' extension. RTF ransom notes are an especially identifying trait of the Matrix-MDEN Ransomware's family and appear just as prominently with related Trojans like the Matrix-SBLOCK Ransomware, the Matrix-GBLOCK Ransomware, the Matrix-EMAN Ransomware, the Matrix-FASTBOB Ransomware, etc. The instructions tell victims to contact an e-mail address that changes between updates of the Trojan's software and don't quote a direct ransom price for the file-restoration service.
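As an added defender-side example (not code from this page or from any vendor), the Python helper below triages a file listing for the rename pattern described above, a bracketed e-mail address followed by semi-random characters and the MDEN or SDEN extension, and flags RTF files sitting beside the renamed files as candidate ransom notes. The exact filename layout, the sample paths and the contact address are assumptions constructed for the demonstration.

```python
import re
from collections import Counter, defaultdict

# Matrix-family renames as the page describes them: a bracketed contact
# e-mail, semi-random characters, and the campaign extension (MDEN or SDEN).
# The exact filename layout is an assumption, not taken from the page.
MATRIX_EXTENSIONS = ("MDEN", "SDEN")
RENAME_RE = re.compile(
    r"\[(?P<email>[^\[\]\s@]+@[^\[\]\s@]+)\].*\.(?P<ext>"
    + "|".join(MATRIX_EXTENSIONS) + r")$",
    re.IGNORECASE,
)
NOTE_RE = re.compile(r"\.rtf$", re.IGNORECASE)

def triage_listing(paths):
    """Summarise a file listing for signs of a Matrix-family infection:
    renamed files per e-mail and extension, affected directories, and
    RTF files next to them (candidate ransom notes, confirm by hand)."""
    by_email = Counter()
    by_ext = Counter()
    hit_dirs = set()
    rtf_by_dir = defaultdict(list)
    for path in paths:
        directory, _, name = path.replace("\\", "/").rpartition("/")
        m = RENAME_RE.search(name)
        if m:
            by_email[m.group("email").lower()] += 1
            by_ext[m.group("ext").upper()] += 1
            hit_dirs.add(directory)
        elif NOTE_RE.search(name):
            rtf_by_dir[directory].append(name)
    # Only RTFs sitting beside renamed files are flagged as likely notes.
    notes = {d: rtf_by_dir[d] for d in sorted(hit_dirs) if d in rtf_by_dir}
    return {
        "renamed": sum(by_email.values()),
        "by_email": dict(by_email),
        "by_ext": dict(by_ext),
        "directories": sorted(hit_dirs),
        "candidate_notes": notes,
    }

# Constructed sample listing; paths and addresses are not real indicators.
SAMPLE_LISTING = [
    r"C:\Users\alice\Documents\[contact@mail.example]budget.xlsx.A1B2C3D4-E5F6A7B8.MDEN",
    r"C:\Users\alice\Documents\[contact@mail.example]notes.txt.C9D0E1F2-A3B4C5D6.MDEN",
    r"C:\Users\alice\Documents\!README_MDEN!.rtf",
    r"C:\Users\alice\Pictures\holiday.jpg",
    r"C:\Shares\it\[contact@mail.example]backup.zip.F0E1D2C3-B4A59687.SDEN",
    r"C:\Users\alice\Desktop\report.rtf",
]
```

Run `triage_listing` over a real directory walk to get a per-address and per-extension count of renamed files, which tells you quickly whether one campaign or both the MDEN and SDEN variants touched a share.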

Warding One of Two Brothers Off of Your Files

The Matrix-MDEN Ransomware and its 'SDEN' variant are targeting entirely different regions of the world: the latter focuses on Italy while the former, as mentioned previously, attacks Asia. However, the threat actors are most likely using opportunistic strategies, such as sending spam e-mails to employee mailboxes or breaking into any server that uses a poorly-secured password. Diligent maintenance of login credentials, scanning downloads before opening them, and routine updating of server software are some of the generally appropriate protections that malware experts always recommend implementing.

Besides the high-visibility file changes, the Matrix-MDEN Ransomware's attacks can include replacing your desktop wallpaper with a ransom alert and various means of disabling data recovery and repair features, including the Shadow Volume Copies and some recovery startup options. Since there is no free decryption solution, victims will depend on previously established backups for any media recovery, although most anti-malware products should delete the Matrix-MDEN Ransomware without notable complications.

The Matrix-MDEN Ransomware is one of two examples of how its family is still running strong, even after years of activity. The Matrix-MDEN Ransomware isn't as showy as something like the Jigsaw Ransomware, but by spreading through more insidious methods, it's all the more likely to be profitable.
