Malware News New Fox Ransomware Matrix Variant Tries Its Best to Close All File Handles

LASER_oneXM

Feb 4, 2016
A new variant of the Matrix Ransomware has been discovered that is renaming encrypted files and then appending the .FOX extension to the file name. Of particular interest, this ransomware could have the most exhaustive process of making sure each and every file is not opened and available for encrypting. Thankfully, this also makes its encryption process very slow so it could be easier to detect.

This ransomware variant was first discovered by security researcher MalwareHunterTeam and is installed through computers that run Remote Desktop Services and are openly connected to the Internet. The attackers will scan ranges of IP addresses to find open RDP services and then brute force the password.

Once they have access to the computer, they will manually install the ransomware that displays various console windows that show the progress of the encryption of the computer.

Unfortunately, at this time the Matrix Ransomware variants cannot be decrypted for free. If you have any questions or would like to discuss this ransomware, you can use our dedicated Matrix Ransomware Support topic.

How the Fox Ransomware variant encrypts a computer

The Fox Ransomware is a variant of the Matrix Ransomware, and like its predecessor, is very chatty as it communicates a lot with its Command & Control server and also displays consoles that provide status updates on the encryption process.

When the Fox Ransomware variant is executed it will connect to a Command & Control server and start logging various stages of the encryption process. During the encryption process it will communicate often with the C2 to provide status updates.
...
.....
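
The following added example, which is not part of the quoted article or the original post, shows detection logic for the RDP password brute forcing described above: it flags a source address with many failed remote logons (Windows Security event 4625) in a short window and escalates when a successful logon (4624) follows from the same address. The log lines, the one-line record format, the threshold and the window are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not from the article), one per line:
# time, Security event ID, LogonType, source IP, account name.
SAMPLE = """\
2024-01-01T02:00:01 4625 3 203.0.113.7 administrator
2024-01-01T02:00:02 4625 3 203.0.113.7 admin
2024-01-01T02:00:03 4625 3 203.0.113.7 admin
2024-01-01T02:00:04 4625 3 203.0.113.7 admin
2024-01-01T02:00:05 4625 3 203.0.113.7 admin
2024-01-01T02:00:06 4625 3 203.0.113.7 admin
2024-01-01T02:00:30 4624 10 203.0.113.7 admin
2024-01-01T09:00:00 4625 3 198.51.100.20 alice
2024-01-01T09:00:20 4624 10 198.51.100.20 alice
"""

FAILED, SUCCESS = 4625, 4624  # Windows Security log: failed / successful logon
REMOTE_TYPES = {3, 10}        # Network (RDP with NLA) and RemoteInteractive

def parse(text):
    """Yield (time, event_id, logon_type, ip, user) from the assumed format."""
    for line in text.splitlines():
        if line.strip():
            ts, eid, ltype, ip, user = line.split()
            yield datetime.fromisoformat(ts), int(eid), int(ltype), ip, user

def detect(text, threshold=5, window=timedelta(minutes=2)):
    """Return (kind, ip, user, time) alerts in chronological order."""
    failures = defaultdict(deque)  # ip -> failure times inside the window
    flagged = {}                   # ip -> time of latest over-threshold failure
    alerts = []
    for ts, eid, ltype, ip, user in sorted(parse(text)):
        if ltype not in REMOTE_TYPES:
            continue
        if eid == FAILED:
            recent = failures[ip]
            recent.append(ts)
            while ts - recent[0] > window:
                recent.popleft()
            if len(recent) >= threshold:
                if ip not in flagged:
                    alerts.append(("bruteforce", ip, user, ts))
                flagged[ip] = ts
        elif eid == SUCCESS and ip in flagged and ts - flagged[ip] <= window:
            # A success right after a burst of failures suggests a guessed password.
            alerts.append(("success_after_bruteforce", ip, user, ts))
    return alerts
```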
 
