
'.MTXLOCK File Extension' Ransomware

Posted: May 11, 2018

The '.MTXLOCK File Extension' Ransomware is a variant of the AES-Matrix Ransomware, a file-locking Trojan that can use encryption for holding documents, pictures, and other media hostage. Users also may find associated documents demanding money for the decryption of their files, as well as unexpected changes to the extensions on any filenames. Many anti-malware programs are deleting the '.MTXLOCK File Extension' Ransomware automatically as a threat, but the only proven recovery method for any encrypted data is a backup.

Having Your Files Pulled Back into the Matrix

The AES-Matrix Ransomware family has seen a series of developments throughout 2018, carrying on from the previous year. The next variant that malware experts are confirming, the '.MTXLOCK File Extension' Ransomware, appears to be in testing, since it includes console output, a traditional bug-testing feature. However, the final version of the '.MTXLOCK File Extension' Ransomware, besides omitting this log data, should be just as good as the other builds of the AES-Matrix Ransomware at blocking files for Bitcoins.

Some of the general characteristics of the '.MTXLOCK File Extension' Ransomware's family include a tendency to benefit from Remote Desktop-based exploits for compromising networks, the use of RTF-format ransom notes, and a free-space overwriting function that can hamper file recovery software. The '.MTXLOCK File Extension' Ransomware also may replace the desktop's wallpaper with an image it drops, which malware experts often see supplementing text-based ransom warnings.

However, the defining attack in the '.MTXLOCK File Extension' Ransomware's payload is a data-encrypting routine that uses an AES and RSA-based algorithm combination for blocking different formats of files. This version of the threat also splits from previous editions of its family by giving each file a true extension ('.MTXLOCK'), along with the bracketed e-mail address that most versions of AES-Matrix Ransomware promote. Like the Relock Ransomware and other variants of this group of Trojans, the encryption damage is secure and not reversible via free software.
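The filename markers described above can be used to scope the damage from a saved file listing. The following is an added example, not code from the original article: it counts '.MTXLOCK' files per folder, extracts any bracketed contact address, and flags RTF files that sit beside locked files as possible ransom notes. The position of the bracketed address in the name, the `triage` function and the sample paths are assumptions made for illustration.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Extension comes from the article; it is matched case-insensitively.
LOCKED_EXT = ".mtxlock"
# Assumption: the bracketed e-mail may appear anywhere in the file name.
BRACKETED_EMAIL = re.compile(r"\[([^\[\]\s@]+@[^\[\]\s@]+\.[^\[\]\s@]+)\]")


def triage(paths):
    """Summarise a file listing for the indicators the article describes."""
    locked_dirs = Counter()
    contacts = Counter()
    rtf_by_dir = {}
    for raw in paths:
        p = PureWindowsPath(raw)
        suffix = p.suffix.lower()
        folder = str(p.parent)
        if suffix == LOCKED_EXT:
            locked_dirs[folder] += 1
            m = BRACKETED_EMAIL.search(p.name)
            if m:
                contacts[m.group(1).lower()] += 1
        elif suffix == ".rtf":
            rtf_by_dir.setdefault(folder, []).append(p.name)
    # An RTF file is only a note candidate when it sits beside locked files.
    notes = {d: sorted(n) for d, n in rtf_by_dir.items() if d in locked_dirs}
    return {
        "locked_total": sum(locked_dirs.values()),
        "locked_by_dir": dict(locked_dirs),
        "contacts": dict(contacts),
        "note_candidates": notes,
    }


# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    r"C:\Users\alice\Documents\[contact@example.invalid].a1B2c3.MTXLOCK",
    r"C:\Users\alice\Documents\[contact@example.invalid].d4E5f6.mtxlock",
    r"C:\Users\alice\Documents\readme_placeholder.rtf",
    r"C:\Users\alice\Pictures\holiday.jpg",
    r"C:\Users\alice\Pictures\notes.rtf",
    r"D:\Share\budget.xlsx.MTXLOCK",
]

if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE), indent=2))
```

Folders with the highest locked counts show where restoring from backup should start, and a folder with locked files but no bracketed address is worth a manual look.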

Sparing Your Files from Being a Line of Profit in a Trojan's Matrices

The threat actors responsible for distributing AES-Matrix Ransomware and its different versions historically often enable RDP features for installing unwanted and threatening software manually. Network security is, accordingly, paramount to blocking the most likely infection vectors for the '.MTXLOCK File Extension' Ransomware and the other releases of its family. Malware experts also recommend monitoring e-mail attachments, which can have close associations with Trojan campaigns targeting the networks of businesses and governments.

The bulk of this Trojan's changes are cosmetic ones: minor updates to its file-renaming methodology and ransom note. Although the Trojan has no additional encryption-related functions in comparison to previous variants, the lack of a public decryptor for its family means the threat actors have no need to update this core feature. Having a backup that isn't encrypted is still the best way of saving your files from this threat, along with enabling anti-malware solutions that delete the '.MTXLOCK File Extension' Ransomware, or quarantine it safely, by default.

Less than a third of most brands of anti-malware products detect the '.MTXLOCK File Extension' Ransomware as a threat. Since this Trojan's attacks and accompanying extortion efforts aren't ceasing, PC users should remind themselves not to slack on their backups or Web-browsing safety habits.
