
Matrix-NOBAD Ransomware

Posted: October 15, 2018

The Matrix-NOBAD Ransomware is a member of the AES-Matrix Ransomware family. These file-locker Trojans run AES-based encryption attacks against your files to lock them and force you into paying a ransom. Because files encrypted by this family have little chance of being decryptable with public software, malware experts urge all users at risk to keep backups of their media. Use a professional anti-malware program to remove the Matrix-NOBAD Ransomware as needed while attending to any associated vulnerabilities, such as compromised network logins.

Crooks with More than One Trojan at Their Disposal

The ease of investing in RaaS (Ransomware-as-a-Service) businesses lets criminals adjust their ransoming infrastructure, themes and even file-locking methods without much difficulty. However, most remote attackers focus on abusing one major family of file-locker Trojans at a time. The newest version of the AES-Matrix Ransomware family, the Matrix-NOBAD Ransomware, shows inclinations in the other direction, with its controllers recycling some parts of their file-ransoming campaign for use with the unrelated RotorCrypt Ransomware.

What makes this strategy unusual is the RotorCrypt Ransomware's traditional focus on Russian PC owners, whereas the Matrix-NOBAD Ransomware's attacks are confirmed to target victims around the world, such as in Egypt and the Czech Republic. However, these threats share a favored type of victim: admins of vulnerable business servers. The criminals using the Matrix-NOBAD Ransomware may be brute-forcing login credentials or using other, undocumented vulnerabilities to gain server access. After that, they install and run the file-locker Trojan.

By default, the Matrix-NOBAD Ransomware uses a UI panel for controlling its file-locking attack, which relies on AES encryption, just like the payloads of the Matrix-EMAN Ransomware, the Matrix-ITLOCK Ransomware, the Matrix-FASTBOB Ransomware and the Matrix-NEWRAR Ransomware. The sweep can include media on mapped or unmapped network shares, along with the contents of the local drives. The Matrix-NOBAD Ransomware mostly follows the traditional filename-editing format of the AES-Matrix Ransomware, but malware experts confirm that the program uses a new extension of 'NOBAD.' Victims also should anticipate the likely deletion of any Shadow Volume Copies or Windows Restore points.

Preventing Profits in the RaaS Business from Being Your Bad

The Matrix-NOBAD Ransomware's family almost exclusively uses brute-force attacks against RDP (Remote Desktop Protocol) logins to compromise victims' servers, take their contents hostage and deliver ransom messages. Symptoms after the fact, besides changes to the names of blocked media, include text ransom messages and the hijacking of the desktop's wallpaper. Because malware experts have found no exploitable vulnerabilities in the Matrix-NOBAD Ransomware's encryption routine, users may only be able to recover their files for free with the help of already-saved backups.

Admins can protect their servers by using secure RDP settings and avoiding logins that are highly susceptible to brute-forcing, such as default or low-complexity passwords. Because the Matrix-NOBAD Ransomware campaign is global, small and medium business owners around the world should assume that any Windows-based server infrastructure is potentially at risk. Uninstalling the Matrix-NOBAD Ransomware with appropriate anti-malware products can help restore the PC to a secure state, but can't recover any of the already-encrypted files.
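As an added example (not from this page's source and not the Trojan's own code), here is how an admin could pick the brute-force-then-login pattern described above out of Windows Security log events. The sample events, the IP addresses and the simplified one-line-per-event format are constructed for illustration; event IDs 4625 (failed logon) and 4624 (successful logon) with logon type 10 are the standard Windows events for RDP sessions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: "timestamp event_id logon_type source_ip account".
# 4625 = failed logon, 4624 = successful logon, logon type 10 = RemoteInteractive (RDP).
SAMPLE_EVENTS = """\
2018-10-15T03:00:01 4625 10 203.0.113.5 administrator
2018-10-15T03:00:02 4625 10 203.0.113.5 administrator
2018-10-15T03:00:03 4625 10 203.0.113.5 admin
2018-10-15T03:00:04 4625 10 203.0.113.5 backup
2018-10-15T03:00:05 4625 10 203.0.113.5 sqladmin
2018-10-15T03:00:07 4624 10 203.0.113.5 administrator
2018-10-15T03:10:00 4625 10 198.51.100.9 jsmith
2018-10-15T03:20:00 4624 10 198.51.100.9 jsmith
2018-10-15T04:00:00 4625 3 192.0.2.44 svc_share
"""


def parse_events(text):
    """Turn the simplified log lines into dicts with a real datetime."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, src_ip, account = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "id": int(event_id),
                       "type": int(logon_type), "ip": src_ip, "account": account})
    return events


def detect_rdp_brute_force(events, threshold=5, window=timedelta(minutes=5)):
    """Flag a source IP once it produces `threshold` RDP failures inside `window`,
    then flag any RDP success from an already-flagged IP (the attacker got in).
    Returns (kind, source_ip, account) tuples in chronological order."""
    recent = defaultdict(deque)   # source IP -> timestamps of recent failures
    flagged = set()
    alerts = []
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["type"] != 10:       # only RDP logons matter here
            continue
        if e["id"] == 4625:
            q = recent[e["ip"]]
            q.append(e["ts"])
            while q and e["ts"] - q[0] > window:   # drop failures outside the window
                q.popleft()
            if len(q) >= threshold and e["ip"] not in flagged:
                flagged.add(e["ip"])
                alerts.append(("brute_force", e["ip"], e["account"]))
        elif e["id"] == 4624 and e["ip"] in flagged:
            alerts.append(("success_after_brute_force", e["ip"], e["account"]))
    return alerts
```

A single failure followed by a success (the second IP) is a normal typo and is not flagged, and non-RDP logon types are ignored so share or service logons do not add noise.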

The lifespan of a single version of a file-locker Trojan is often brief. While the Matrix-NOBAD Ransomware's campaign may not last very long, it can do enough damage in the meantime to make anyone using a crackable password for logging in regret their decision.
