Matrix-SBLOCK Ransomware

Posted: March 1, 2019

The Matrix-SBLOCK Ransomware is a member of the AES-Matrix Ransomware family and, like all of its members, can harm your files by encrypting them automatically. Typical content that it may sabotage includes text documents and images, among dozens of other formats, which the Matrix-SBLOCK Ransomware holds hostage until the victim pays a ransom. Although appropriate backup protocols are a good defense against a file-locking Trojan, users can also have their dedicated anti-malware services quarantine or delete the Matrix-SBLOCK Ransomware safely.

The Block Gets a Letter Shift

There are recent reports of attacks involving the mostly quiet AES-Matrix Ransomware family throughout February of the new year, and it seems that Europeans are the preferred targets. Not long after the Matrix-GBLOCK Ransomware variant appeared, victims began providing evidence of a minor revision to it: the Matrix-SBLOCK Ransomware. The small change to the name means that the same threat actors are most likely administering both campaigns, and the difference might be nationality-based: the Matrix-SBLOCK Ransomware is targeting Spain, while its predecessor is Portuguese-oriented.

Threat actors using this family may infect PCs through exploit kits on compromised 'watering hole' domains for certain kinds of traffic, breach login credentials remotely via brute-force attacks, or use spam e-mails with fake financial documents that drop the file-locking Trojan. Malware experts also caution victims that infections from the Matrix-SBLOCK Ransomware's family have a non-negligible correlation with criminals having backdoor access to the PC, meaning that users should turn off all internet connections immediately.

However, these circumstances are less immediately harmful to victims than the Matrix-SBLOCK Ransomware's payload, which securely locks digital media with the widely favored AES (Rijndael) algorithm. Recovering the files directly by decrypting them is potentially possible, but the threat actors are holding the decryption information for ransom. As usual, the Matrix-SBLOCK Ransomware's ransom instructions are readable in the RTF document that it drops, although malware analysts warn that paying can't assure a positive result.

Proper Protection against Old Enemies Regardless of Their New Names

The Matrix-SBLOCK Ransomware is counteracted most efficiently by users keeping their backups in places where the Trojan can't encrypt or delete them. File-locking Trojans in the AES-Matrix Ransomware family, and nearly all others, take some steps to remove Windows' default backup information that could restore your files. Advanced data recovery tools can sometimes overcome these obstacles, although readers should never assume that this is likely for any Ransomware-as-a-Service threat showing this degree of programming professionalism.

Since e-mail is an enormous distribution channel for these threats, malware experts advise double-checking the identity of all e-mail attachments and links before interacting with them. Criminals may disguise the Matrix-SBLOCK Ransomware in a form that's particular to their targets, such as a company memo or invoice. Reputable anti-malware products should catch and remove the Matrix-SBLOCK Ransomware without impediments unless a remote attacker deactivates them beforehand.

The Matrix-SBLOCK Ransomware is attacking Spain, but its closest relative is, as noted, Portuguese, while other members include the Brazilian Matrix-FASTA Ransomware and less-localized members like the Matrix-NEWRAR Ransomware or the Matrix-NOBAD Ransomware. Anyone using Windows will want to be aware of this Trojan's family and do what's necessary to keep their media safe.