A new variant of the Matrix Ransomware has been discovered that is renaming encrypted files and then appending the .FOX extension to the file name. Of particular interest, this ransomware could have the most exhaustive process of making sure each and every file is not opened and available for encrypting. Thankfully, this also makes its encryption process very slow so it could be easier to detect.
This ransomware variant was first discovered by security researcher
MalwareHunterTeam and is installed through computers running Remote Desktop Services and being openly connected to the Internet. The attackers will scan ranges of IP addresses to find open RDP services and then brute force the password.
Once they have access to the computer, they will manually install the ransomware that displays various console windows that show the progress of the encryption of the computer.
Unfortunately, at this time the Matrix Ransomware variants cannot be decrypted for free. If you have any questions or would like to discuss this ransomware, you can use our dedicated
Matrix Ransomware Support topic.