
Matrix-THDA Ransomware

Posted: October 17, 2018

The Matrix-THDA Ransomware is a file-locking Trojan and an update to the well-known AES-Matrix Ransomware family. Ransomware-as-a-Service Trojans of this kind typically reach their victims after threat actors brute-force weak login credentials. A non-local backup is the only reliable way to recover files from the Matrix-THDA Ransomware's encryption, but anti-malware software can also remove the Matrix-THDA Ransomware or block its disguised installation by other means, such as drive-by downloads.

A Few More Matrices Worth Fearing

Since its analysis in 2017, the AES-Matrix Ransomware has thrived in the Ransomware-as-a-Service black market, albeit on a smaller scale than competitors such as the Crysis Ransomware or the Globe Ransomware. The Matrix-THDA Ransomware is one of the newest updates to the family that malware experts have verified, and its infections so far have compromised victims in India. These statistics come from early in the campaign's deployment, however, and the Matrix-THDA Ransomware is presumably no less threatening to PC users in other countries.

If it uses the same entry point as previous variants, such as the Matrix-NOBAD Ransomware, the Matrix-EMAN Ransomware, the Matrix-FASTBOB Ransomware or the KOK8 Ransomware, the attackers are brute-forcing server login credentials, most often over Remote Desktop. Such tools are especially effective at guessing short, widely-used or factory-default username and password combinations. Once remote attackers gain access to a server, they can launch the Matrix-THDA Ransomware by hand; unlike most file-locker Trojans, it displays a window that reports the status of its encryption attack as it runs.

The Matrix-THDA Ransomware's AES-based encryption locks media files both locally and on network-accessible locations, including unmapped shares. Users can search for the 'THDA' extension that the Trojan gives each locked file, but the renaming also replaces the rest of the original filename, which obscures the identity of the data in question. Victims also may find RTF documents containing the Matrix-THDA Ransomware's ransom instructions, although malware experts always discourage paying criminals for decryption, since they may not keep their word.
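The scope of the damage described above (local files plus unmapped shares, renamed to the THDA extension, with RTF notes nearby) is what a responder needs to establish first. As an added example, not code from the original article or from the Trojan's authors, the PowerShell below walks a set of roots supplied by the responder, counts THDA files per root, and records the first and last write times so that the encryption window can be matched against the server's logon records. It assumes the responder lists the UNC paths the server used (the default is only the local drives); the ransom note's filename is not given in the article, so RTFs are matched only by type and by timestamp inside the encryption window.

```powershell
# Added triage script, not part of the original article. Run on the affected server;
# pass -Roots with the UNC paths it could reach (assumption: the responder knows them).
param(
    [string[]]$Roots = @(Get-PSDrive -PSProvider FileSystem | Where-Object Root | ForEach-Object Root)
)

$report = foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { Write-Warning "unreachable: $root"; continue }

    # Only the extension survives the rename, so match on that alone.
    $locked = @(Get-ChildItem -LiteralPath $root -Recurse -File -Filter '*.THDA' -ErrorAction SilentlyContinue)
    if ($locked.Count -eq 0) { continue }

    $sorted = $locked | Sort-Object LastWriteTime
    $first  = $sorted[0].LastWriteTime
    $last   = $sorted[-1].LastWriteTime

    # Note name is unknown (assumption): treat RTFs written inside the encryption
    # window, give or take five minutes, as candidate ransom notes.
    $notes = @(Get-ChildItem -LiteralPath $root -Recurse -File -Filter '*.rtf' -ErrorAction SilentlyContinue |
               Where-Object { $_.LastWriteTime -ge $first.AddMinutes(-5) -and $_.LastWriteTime -le $last.AddMinutes(5) })

    [pscustomobject]@{
        Root           = $root
        LockedFiles    = $locked.Count
        Directories    = @($locked | ForEach-Object DirectoryName | Sort-Object -Unique).Count
        FirstWrite     = $first   # earliest encryption: correlate with the attacker's logon time
        LastWrite      = $last
        NoteCandidates = $notes.Count
    }
}

$report | Sort-Object FirstWrite | Format-Table -AutoSize
```

The FirstWrite column is the useful one for the investigation: the first THDA write on any root bounds when the attacker ran the Trojan, which narrows the search for the logon that let them in.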

Making Sure that RaaS Stays in the Red

Ransomware-as-a-Service depends on third-party criminals collecting ransoms from their victims, not necessarily on having a working decryptor. AES itself is a standard, well-understood cipher; what matters for recovery is the key, and the Matrix-THDA Ransomware's family has no public decryption service that can unlock your files for free. Accordingly, malware researchers stress prevention-based defenses against Matrix-THDA Ransomware infections, such as:

  • Using strong, unique login credentials is valuable for all PC users, but it is essential for server administrators, since those credentials are what stand between remote attackers and a successful brute-force attack.
  • Users also should monitor their Remote Desktop settings for any signs of unsafe changes that could help an unauthorized third party install threats, especially file-locker Trojans, spyware and backdoor Trojans.
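The two precautions above, together with the brute-force entry point described earlier, as an added example that is not part of the original article: a PowerShell audit of a Windows server's Remote Desktop exposure, its account lockout policy, and the Security log for the pattern a successful brute force leaves behind (a burst of failed logons, event 4625, from one address, followed by a successful remote-interactive logon, event 4624 with logon type 10, from the same address). It assumes an elevated session on the server being audited and an English-locale `net accounts`; the 24-hour window and the 20-failure threshold are illustrative values, not figures from the article.

```powershell
# Added audit script, not part of the original article. Assumes an elevated session.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdp = Get-ItemProperty -Path $ts -Name fDenyTSConnections -ErrorAction SilentlyContinue
$tcp = Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp" -Name UserAuthentication, PortNumber -ErrorAction SilentlyContinue

# 1. Remote Desktop settings an attacker (or a careless admin) may have changed.
if ($rdp.fDenyTSConnections -eq 0) {
    Write-Warning "Remote Desktop is enabled; confirm it is needed and not reachable from the internet."
}
if ($tcp.UserAuthentication -ne 1) {
    Write-Warning "Network Level Authentication is off; passwords can be guessed against the full logon screen."
}
if ($tcp.PortNumber -ne 3389) {
    Write-Warning ("RDP port is {0}; verify an administrator chose this." -f $tcp.PortNumber)
}

# 2. Lockout policy: with no threshold, guessing is unlimited.
$lockout = net accounts | Select-String 'Lockout threshold'
if ($lockout -and "$lockout" -match 'Never') {
    Write-Warning "No account lockout threshold; e.g. set one with: net accounts /lockoutthreshold:10"
}

# Helper: pull a named field out of a Security event's XML payload.
function Get-EventField($event, [string]$name) {
    $data = ([xml]$event.ToXml()).Event.EventData.Data
    ($data | Where-Object Name -eq $name).'#text'
}

# 3. Failed logons in the window, grouped by source address.
$since  = (Get-Date).AddHours(-24)
$failed = Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4625; StartTime=$since} -ErrorAction SilentlyContinue
$bySource = @{}
foreach ($e in $failed) {
    $ip   = Get-EventField $e 'IpAddress'
    $user = Get-EventField $e 'TargetUserName'
    if (-not $ip -or $ip -eq '-') { continue }
    if (-not $bySource.ContainsKey($ip)) { $bySource[$ip] = @{Failures = 0; Users = @{}} }
    $bySource[$ip].Failures++
    $bySource[$ip].Users[$user] = $true
}

# 4. Successful RemoteInteractive logons (type 10) from those same addresses.
$okSources = @{}
Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4624; StartTime=$since} -ErrorAction SilentlyContinue |
    ForEach-Object {
        if ((Get-EventField $_ 'LogonType') -eq '10') {
            $ip = Get-EventField $_ 'IpAddress'
            if ($ip) { $okSources[$ip] = $true }
        }
    }

foreach ($ip in $bySource.Keys) {
    $n = $bySource[$ip].Failures
    if ($n -ge 20) {
        $msg = "{0}: {1} failed logons against {2} account(s)" -f $ip, $n, $bySource[$ip].Users.Count
        if ($okSources.ContainsKey($ip)) {
            $msg += "; a successful RDP logon from the same source followed (treat the server as compromised)"
        }
        Write-Warning $msg
    }
}
```

A high failure count against many different usernames is password spraying; a high count against one or two accounts is a classic dictionary attack. Either way, a success from the same source inside the window means the credential check above has already failed and the response should move to containment rather than hardening.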

Some criminals prefer to uninstall the Trojan after running it, but users shouldn't assume this is true in every case. After seeing any symptoms matching this article's description, have your anti-malware products confirm that no threats remain or remove the Matrix-THDA Ransomware. The Matrix-THDA Ransomware is only compatible with Windows environments.

The weaknesses that the Matrix-THDA Ransomware's family exploits to reach files, and thereby its ransoming incentives, are well-known. While the cyber-security industry can improve detection rates for the average file-locking Trojan, only potential victims can keep the Matrix-THDA Ransomware in poverty by securing the contents of their servers.
