Matrix Ransomware Spreads to Other PCs Using Malicious Shortcuts

Discussion in 'News Archive' started by Solarquest, Apr 8, 2017.

  1. Solarquest

    Brad Duncan, a Threat Intelligence Analyst for Palo Alto Networks Unit 42, has recently started seeing the EITest campaign use the RIG exploit kit to distribute the Matrix ransomware. While Matrix has been out for quite some time, it was never a major player in terms of widespread distribution.
    Now that it is being distributed via a large campaign and an exploit kit, it was time to take a deeper dive into this ransomware to see what features it has. What was found is interesting, as Matrix Ransomware has worm-like features that allow it to spread outside of the originally infected machine via Windows shortcuts, and it uploads stats about the types of files that are encrypted.

    Matrix Distributed using Exploit Kits
    When the Matrix Ransomware was first spotted around December 2016, it did not have a wide distribution compared to ransomware infections like Cerber or Spora Ransomware. Now that Matrix is being distributed using the RIG exploit via the EITest campaign, it can become a real game changer.

    According to Brad Duncan, Matrix is distributed via hacked sites that have the EITest scripts injected into them. When a visitor goes to one of these hacked sites, depending on various criteria, Brad has seen EITest injecting either the 'The "HoeflerText" font wasn't found' attack, which is distributing the Spora Ransomware, or the RIG exploit kit, which is now distributing Matrix.

    You can see the source code of a hacked site with the injected RIG iframe below.
    ....
     