AES-Matrix Ransomware
Posted: August 23, 2017
Threat Metric
The following fields listed on the Threat Meter, each containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criteria for the Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 7 |
| First Seen: | August 23, 2017 |
| Last Seen: | March 31, 2019 |
| OS(es) Affected: | Windows |
The AES-Matrix Ransomware is a Trojan that locks the files of a PC to hold them for ransom payments. Threat actors are introducing the AES-Matrix Ransomware to systems manually, making network and account security protocols particularly important for hindering its distribution practices. Because its decryption software is bugged, having backups or blocking and removing the AES-Matrix Ransomware in a preventative fashion with anti-malware products are the best available solutions for most users.
Trojans that Leave You Guessing about the State of Your Files
Trojan campaigns using encryption as their predominant mode of attack often accompany that feature with a follow-up function that promotes the Trojan's brand by 'tagging' the names of everything it locks. Although non-consensual, this change also can be convenient for the victims by letting them identify on sight which files are encoded and which are clean. Otherwise, just as with the new AES-Matrix Ransomware, users will have to test each file, one by one, to determine which ones are hostages.
The AES-Matrix Ransomware uses the currently in vogue installation strategy of manual introduction after the threat actor uses other methods of gaining remote access to the PC. A typical infection strategy can include brute-forcing an unsafe password and user name for a server machine, with RDP settings giving the con artist more comprehensive control. When running, the AES-Matrix Ransomware fully encrypts various formats on both the PC and any Virtual Machines and network-mapped drives that it can access. Like most of the file-locking Trojans that malware experts examine, it uses AES (Rijndael) as its encryption algorithm.
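The manual-introduction strategy described above leaves a trail in the Windows Security log before any file is touched: a burst of failed logons from one source, followed by a success. The following is an added detection example written for this page, not code from the original article or from any product; it runs over constructed sample records (the one-line-per-event format is an assumption made for the example), uses the standard Windows event IDs 4625 (failed logon) and 4624 (successful logon) with logon type 10 (RemoteInteractive, i.e. RDP), and the five-failures-in-five-minutes threshold is an arbitrary starting point, not a value from the page.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample, not real logs. Each line is a simplified projection of a
# Windows Security event: 4625 = failed logon, 4624 = successful logon,
# LogonType=10 = RemoteInteractive (RDP). The line format itself is an assumption.
SAMPLE_EVENTS = """\
2017-08-23T03:14:01Z 4625 LogonType=10 User=administrator Src=198.51.100.23
2017-08-23T03:14:03Z 4625 LogonType=10 User=administrator Src=198.51.100.23
2017-08-23T03:14:05Z 4625 LogonType=10 User=admin Src=198.51.100.23
2017-08-23T03:14:07Z 4625 LogonType=10 User=backup Src=198.51.100.23
2017-08-23T03:14:09Z 4625 LogonType=10 User=administrator Src=198.51.100.23
2017-08-23T03:14:20Z 4624 LogonType=10 User=administrator Src=198.51.100.23
2017-08-23T03:20:00Z 4625 LogonType=10 User=jsmith Src=203.0.113.5
2017-08-23T08:05:00Z 4625 LogonType=2 User=jsmith Src=203.0.113.5
2017-08-23T09:00:00Z 4625 LogonType=10 User=jsmith Src=203.0.113.5
2017-08-23T09:00:30Z 4624 LogonType=10 User=jsmith Src=203.0.113.5
"""

RDP_LOGON_TYPE = 10


def parse_event(line: str) -> dict:
    """Split one constructed event line into its fields."""
    ts, event_id, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    return {
        "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "id": int(event_id),
        "logon_type": int(fields["LogonType"]),
        "user": fields["User"],
        "src": fields["Src"],
    }


def detect_rdp_bruteforce(text: str, threshold: int = 5,
                          window: timedelta = timedelta(minutes=5)) -> list:
    """Return alerts as (source_ip, kind, time) tuples.

    'rdp_bruteforce' fires once per source when `threshold` RDP failures land inside
    `window`; 'success_after_bruteforce' fires when that same source then logs on
    successfully within `window` of the burst. Events are assumed time-ordered.
    """
    recent = defaultdict(deque)   # src -> timestamps of recent RDP failures
    flagged = {}                  # src -> time the burst was detected
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        if ev["logon_type"] != RDP_LOGON_TYPE:
            continue              # console/service logons are out of scope here
        src, t = ev["src"], ev["time"]
        if ev["id"] == 4625:
            q = recent[src]
            q.append(t)
            while q and t - q[0] > window:
                q.popleft()       # slide the window forward
            if len(q) >= threshold and src not in flagged:
                flagged[src] = t
                alerts.append((src, "rdp_bruteforce", t))
        elif ev["id"] == 4624 and src in flagged and t - flagged[src] <= window:
            alerts.append((src, "success_after_bruteforce", t))
    return alerts


if __name__ == "__main__":
    for src, kind, t in detect_rdp_bruteforce(SAMPLE_EVENTS):
        print(f"{t.isoformat()} {kind:26s} {src}")
```

On the sample, only 198.51.100.23 produces alerts: five failures in eight seconds, then a success eleven seconds later, which is the sequence worth paging on. The two isolated failures from 203.0.113.5 hours apart never fill the window. In a real deployment the parser would be replaced by whatever ships the 4625/4624 events (Windows Event Forwarding, a SIEM connector), and the source address would additionally be compared against the ranges from which RDP is expected at all.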
The AES-Matrix Ransomware delivers its ransom messages through an RTF file, which a glitch in its code may cause it to duplicate multiple times. However, it doesn't add any visible changes to the names of the encoded content, which could force the user to open each file manually to tell which ones are corrupt.
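Because the file names stay unchanged, triage after an incident has to look at file contents instead. The following is an added example written for this page (not code from the original article or from any product) of a defender-side triage pass: it compares each file's leading bytes with the signature its extension promises and, for formats without a fixed header, falls back to a Shannon entropy check, since ciphertext is close to 8 bits per byte while ordinary text is not. The signature table is a small illustrative set chosen for the example, the 7.5-bit threshold is an assumption, and the sample inputs are constructed stand-ins.

```python
import math
import os
from collections import Counter

# Assumed, illustrative signature table: extension -> accepted leading bytes.
# Extensions with an empty list have no fixed header; entropy decides alone.
MAGIC = {
    ".pdf": [b"%PDF"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".jpg": [b"\xff\xd8\xff"],
    ".zip": [b"PK\x03\x04"],
    ".docx": [b"PK\x03\x04"],
    ".xlsx": [b"PK\x03\x04"],
    ".txt": [],
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty input, 8.0 for a uniform byte distribution."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify(ext: str, data: bytes, entropy_threshold: float = 7.5) -> str:
    """Return 'ok', 'suspect' or 'unknown' for a file's extension and leading bytes.

    A file whose header no longer matches its extension, or that carries
    ciphertext-like entropy where plaintext is expected, is marked 'suspect'.
    A matching header is taken as 'ok' even when entropy is high, because
    compressed formats (zip, png, docx) are dense by design.
    """
    sigs = MAGIC.get(ext.lower())
    if sigs is None:
        return "unknown"          # extension not in the table: no opinion
    if sigs:
        return "ok" if any(data.startswith(s) for s in sigs) else "suspect"
    return "suspect" if shannon_entropy(data[:4096]) >= entropy_threshold else "ok"


def scan_tree(root: str):
    """Walk a directory tree and yield (path, verdict) for every readable file."""
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(4096)
            except OSError:
                continue
            yield path, classify(os.path.splitext(name)[1], head)


# Constructed stand-ins: an intact PDF header, plain text, and a byte string with
# maximal entropy standing in for a file body overwritten by ciphertext.
INTACT_PDF = b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n1 0 obj\n" + b"<< /Type /Catalog >>\n" * 50
PLAIN_TEXT = b"quarterly report, draft 3\n" * 100
CIPHERTEXT_LIKE = bytes(range(256)) * 16

if __name__ == "__main__":
    for label, ext, body in [("report.pdf", ".pdf", INTACT_PDF),
                             ("notes.txt", ".txt", PLAIN_TEXT),
                             ("report.pdf", ".pdf", CIPHERTEXT_LIKE),
                             ("notes.txt", ".txt", CIPHERTEXT_LIKE)]:
        print(f"{label:12s} -> {classify(ext, body)}")
```

Run `scan_tree` against a mounted copy of the affected volume, never the live system, and treat the verdicts as a worklist rather than proof: an encryptor that leaves the first bytes of a file intact would still pass the header check, and a legitimately encrypted archive will always look like ciphertext. The output is what lets an analyst confirm the scope of the damage without opening every file by hand, which is exactly the step the unchanged names force on the victim.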
Why Paying a Trojan's Ransoms Doesn't Pay
The AES-Matrix Ransomware's English instructions for paying to recover your files are typical of its black hat industry. However, the threat actor responsible for the AES-Matrix Ransomware's campaign appears to be either new to programming or operating in bad faith. 'Customers' willing to pay for the decryption program have, so far, been unable to unlock their files, although this buggy decryption software may remain useful for security researchers' analysis.
If possible, disable the Internet connectivity for any machine compromised by the AES-Matrix Ransomware, which is capable of attacking networked drives. Threat actors with access to the system also may take further, potentially unpredictable steps to protect the Trojan or block standard security features, such as the Volume Shadow Copy (VSC) service and other backup resources. Using passwords and other login credentials with sufficiently complicated combinations can prevent the con artists from using brute-force tactics to infect your PC. Most anti-malware programs should be able to quarantine the AES-Matrix Ransomware for further analysis or delete the AES-Matrix Ransomware in its entirety, when appropriate.
When it comes to trafficking with con artists, there's no such thing as a dependable business agreement. The chance of running into hitches in your file recovery plan after paying to enact it makes threats like the AES-Matrix Ransomware into problems that only good backups can cure.