Two new Matrix Ransomware variants were discovered this week.
They are being installed on Windows machines using hacked Remote Desktop Services, according to the security team that discovered them MalwareHinterTeam.
Machines that are connected directly to the internet, or those that have their router’s ports forwarded for RDS are vulnerable.
The first variant
is less advanced, it opens two windows showing the progress of the infection and encrypts all files, renaming them to something like ytrK8dVC-LKddermb.[Files4463@tuta.io].
It will also place a ransom file into each folder named !ReadMe_To_Decrypt_Files.rtf
The second variant
performs a similar encryption on all files, but it also wipes all blank space on the computer to ensure that recovery is impossible.
At this time neither variants can be unencrypted without paying the ransom.
So what can be done to protect against this threat?
- Have reputable antivirus installed on every machine that connects to your network – such as Bitdefender.
- Have a secure backup of your files, ensure the backed up files are not directly accessible from your computers, and ideally have file versioning and run snapshots every 30 minutes to reduce the chance of data loss. – Our solution is here.