matrix9643@yahoo.com ransomware

Matrix virus, also called matrix9643@yahoo.com ransomware, functions as a crypto-Trojan. Matrix Ransomware has worm-like features that allow it to spread outside of the originally infected machine via Windows shortcuts. This malware appends the “.matrix” or “.b10cked” extension to the name of every encrypted file. For instance, “sample.jpg” is renamed to “sample.jpg.matrix”. Following successful encryption, Matrix creates a text file, “matrix-readme.rtf” (newer variants drop a “Readme-Matrix.rtf” or “WhatHappenedWithMyFiles.rtf” file), containing the ransom-demanding message and places it in every folder.

[Image: Matrix ransom note]

While performing the encryption, Matrix will hide a folder and then create a shortcut with the same name. It will then make a copy of the ransomware executable and save it as desktop.ini in the original:

Clicking on any shortcut will launch the malware program.

Files associated with the Matrix Ransomware:
%UserProfile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\[random].hta
%UserProfile%\AppData\Roaming\[victim_id].pek
%UserProfile%\AppData\Roaming\[victim_id].sek
%UserProfile%\AppData\Roaming\errlog.txt
%UserProfile%\AppData\Roaming\[random].cmd
%UserProfile%\AppData\Roaming\[random].afn
%UserProfile%\AppData\Roaming\[random].ast
%UserProfile%\AppData\Roaming\[random].hta
matrix-readme.rtf
Bl0cked-ReadMe.rtf
WhatHappenedWithFiles.rtf
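
A triage check for the indicators above, as an added example that is not part of the original write-up: it walks a directory tree and flags files with the “.matrix” or “.b10cked” extension, the ransom-note file names, and any folder that sits beside a same-named .lnk shortcut while holding a desktop.ini that begins with the MZ executable magic. The function names and the sample tree built in demo() are constructed for illustration; the check assumes the shortcut is an ordinary .lnk file.

```python
import os
import tempfile
from pathlib import Path

# Indicators listed in the write-up above (compared case-insensitively).
ENCRYPTED_EXTS = (".matrix", ".b10cked")
RANSOM_NOTES = {"matrix-readme.rtf", "readme-matrix.rtf", "bl0cked-readme.rtf",
                "whathappenedwithmyfiles.rtf", "whathappenedwithfiles.rtf"}


def is_pe(path):
    """True if the file starts with 'MZ', the magic of a Windows executable."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False


def scan(root):
    """Walk root and return sorted (finding, relative_path) tuples."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        lower = {name.lower() for name in filenames}
        for name in filenames:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            if name.lower().endswith(ENCRYPTED_EXTS):
                findings.append(("encrypted_file", rel))
            elif name.lower() in RANSOM_NOTES:
                findings.append(("ransom_note", rel))
        # Shortcut trick: folder X beside X.lnk, with an executable desktop.ini in X.
        for d in dirnames:
            ini = os.path.join(dirpath, d, "desktop.ini")
            if d.lower() + ".lnk" in lower and is_pe(ini):
                findings.append(("exe_as_desktop_ini", os.path.relpath(ini, root)))
    return sorted(findings)


def demo():
    """Build a constructed sample tree (no real malware) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"Photos.lnk": b"", "Photos/desktop.ini": b"MZ constructed stand-in",
                   "Photos/sample.jpg.matrix": b"x", "Photos/matrix-readme.rtf": b"x",
                   "Docs.lnk": b"", "Docs/desktop.ini": b"[.ShellClassInfo]\r\n"}
        for rel, data in samples.items():
            p = Path(root, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(data)
        return scan(root)
```

A genuine desktop.ini is a small text file, so the Docs folder in the sample is not reported even though it also has a shortcut beside it. The hidden attribute is deliberately not checked, so the scan gives the same result on a mounted disk image.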

Network Communication:
stat3.s76.r53.com.ua/addrecord.php
stat3.s76.r53.com.ua/uploadextlist.php

With the increase in everyday ransomware activity, users are strongly advised to back up their files on a daily basis to minimize loss of data and to use a good antivirus program such as Max Total Security, which can take daily backups with highly configurable options for users.
