Matrix, the ransomware that analyzes the victims’ files to define the ransom payment

A new variant of this malicious software is being used to perform specially targeted attacks

According to network security and ethical hacking specialists from the International Institute of Cyber Security, ransomware remains one of the main threats that organizations face, regardless of their size or sector. Recently, an outbreak of new malicious software, known as Matrix, has been detected.

Some variants of the Matrix ransomware had been detected earlier, although recent reports reveal that this new outbreak of infections shows some relevant differences, including new infection traits.

Matrix reaches endpoints through Windows Remote Desktop Protocol (RDP) services, probably using brute-force attacks on Internet-connected computers to access systems, as reported by network security experts.

During encryption, Matrix hides the original names of the files and adds its own extension (.MTXLOCK); so far there is no tool to remove the encryption imposed by this ransomware.

Like many other ransomware variants, Matrix tries to delete the snapshots taken by Windows Shadow Copy (a service that creates backup copies of the files on the user’s machine) to prevent users from easily restoring their information.

Network security specialists comment that, unlike other malicious software families, Matrix does not require a cryptocurrency ransom payment. Instead, the attackers try to profile the victim in order to perform a specially targeted attack.

The criminals ask the victim to send some samples of their encrypted files, in addition to the KEYIDS.KLST file, which the malware deposits on the victim’s desktop. The attackers then remove the encryption from these files and, with the information contained in them, try to establish the profile of the victim and the nature of the encrypted information, so that they can prepare a ransom demand according to the value of the data and the economic resources of the victim.

This feature could be especially risky for companies. Conventional ransomware attacks do not stop to consider the nature of the compromised information; Matrix, however, determines the scope of the attack according to the resources it can obtain from the victim. In other words, the bigger the fish, the greater the reward.

Some cases have been reported in which Matrix managed to disable various security software solutions, as the ransomware is able to confront anti-virus solutions instead of trying to dodge them. In addition, the incentives that the attackers have in mind are large enough to risk deploying the infection.
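
As an added example (not part of the original article or of any vendor tool), the following Python script triages a directory tree for the two artifacts named above, files ending in .MTXLOCK and the KEYIDS.KLST file, so responders can scope which directories were hit. Treating the earliest modification time as the approximate start of encryption is an assumption, and the sample tree and its timestamps are constructed.

```python
import os
import tempfile

LOCK_EXT = ".mtxlock"     # extension from the article, matched case-insensitively
KEY_FILE = "keyids.klst"  # key file the article says is dropped on the desktop

def triage(root):
    """Summarise .MTXLOCK files and KEYIDS.KLST copies found under root."""
    report = {"key_files": [], "per_dir": {}, "total": 0, "first_seen": None}
    for dirpath, _subdirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == KEY_FILE:
                report["key_files"].append(path)
            elif name.lower().endswith(LOCK_EXT):
                try:
                    mtime = os.stat(path).st_mtime
                except OSError:
                    continue  # unreadable or removed mid-scan
                report["per_dir"][dirpath] = report["per_dir"].get(dirpath, 0) + 1
                report["total"] += 1
                # Assumption: earliest mtime approximates when encryption began.
                if report["first_seen"] is None or mtime < report["first_seen"]:
                    report["first_seen"] = mtime
    return report

def make_sample_tree(root, t0=1_700_000_000):
    """Build a constructed sample profile; names and times are made up."""
    layout = {
        "Desktop/KEYIDS.KLST": t0 + 300,
        "Documents/a1.MTXLOCK": t0 + 60,
        "Documents/b2.mtxlock": t0,
        "Documents/notes.txt": t0 - 86400,  # untouched file, must be ignored
        "Finance/c3.MTXLOCK": t0 + 120,
    }
    for rel, mtime in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample")
        os.utime(path, (mtime, mtime))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_tree(tmp)
        result = triage(tmp)
        print("key files:", result["key_files"])
        print("encrypted:", result["total"], "earliest mtime:", result["first_seen"])
        for d, n in sorted(result["per_dir"].items()):
            print(f"  {n:4d}  {d}")
```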
