New Matrix Ransomware Variants Installed Via Hacked Remote Desktop Services

Faybert

Jan 8, 2017
Two new Matrix Ransomware variants were discovered this week by MalwareHunterTeam that are being installed through hacked Remote Desktop services. While both of these variants encrypt your computer's files, one is a bit more advanced with more debugging messages and the use of cipher to wipe free space.

Based on the debugging messages displayed by the ransomware when it is executed and the various reports in the BleepingComputer forums, this ransomware is currently being distributed to victims by the attackers hacking into Remote Desktop services connected directly to the Internet. Once the attackers gain access to a computer, they upload the installer and execute it.

Two different variants being distributed
Currently there are two different Matrix variants being distributed at this time. Both variants are being installed over hacked RDP, encrypt unmapped network shares, display status windows while encrypting, clear shadow volume copies, and encrypt the filenames. There are, though, some slight differences between the two variants, with the second one ([RestorFile@tutanota.com]) being a bit more advanced.
.....
.....
How to protect yourself from the Matrix Ransomware
In order to protect yourself from ransomware in general, it is important that you use good computing habits and security software. First and foremost, you should always have a reliable and tested backup of your data that can be restored in the case of an emergency, such as a ransomware attack.

As the Matrix Ransomware may be installed via hacked Remote Desktop services, it is very important to make sure it is locked down correctly. This includes making sure that no computers running remote desktop services are connected directly to the Internet. Instead, place computers running remote desktop behind VPNs so that they are only accessible to those who have VPN accounts on your network.

It is also important to set up proper account lockout policies so that it makes it difficult for accounts to be brute forced over Remote Desktop Services.
........
........
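
Added example, not part of the original post or the quoted article: a read-only PowerShell audit of the Remote Desktop settings the protection advice above covers (RDP enabled, Network Level Authentication, host firewall scope, account lockout threshold). It assumes an elevated session on the Windows host being checked and an English-language firewall group name ('Remote Desktop'); the temporary file name is arbitrary.

```powershell
# Read-only audit of RDP hardening on the local host (added example).
# Run from an elevated PowerShell session.

$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

# 1. Is Remote Desktop enabled? fDenyTSConnections = 0 means connections are allowed.
$rdpEnabled = (Get-ItemProperty -Path $ts).fDenyTSConnections -eq 0

# 2. Is Network Level Authentication required? UserAuthentication = 1 means yes.
$nlaRequired = (Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp").UserAuthentication -eq 1

# 3. Enabled inbound rules in the built-in "Remote Desktop" group that accept
#    connections from any remote address. ActiveStore shows the effective rules,
#    including those delivered by Group Policy. The group name is localized, so
#    'Remote Desktop' is an assumption that holds on English-language systems.
$openRules = Get-NetFirewallRule -PolicyStore ActiveStore -DisplayGroup 'Remote Desktop' `
        -Enabled True -Direction Inbound -ErrorAction SilentlyContinue |
    Where-Object { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any' }

# 4. Account lockout threshold. secedit exports the local security policy;
#    LockoutBadCount = 0 means accounts are never locked out after failed logons.
$cfg = Join-Path $env:TEMP 'rdp-audit-secpol.inf'   # arbitrary temp file name
secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null
$match = Select-String -Path $cfg -Pattern '^LockoutBadCount\s*=\s*(\d+)'
$lockoutThreshold = if ($match) { [int]$match.Matches[0].Groups[1].Value } else { 0 }
Remove-Item -Path $cfg -ErrorAction SilentlyContinue

# Collect findings that contradict the advice above.
$findings = @()
if ($rdpEnabled -and -not $nlaRequired) {
    $findings += 'RDP is enabled without Network Level Authentication.'
}
if ($rdpEnabled -and $openRules) {
    $findings += 'Firewall allows RDP from any address; restrict it to the VPN range.'
}
if ($lockoutThreshold -eq 0) {
    $findings += 'No account lockout threshold is set; failed logons are unlimited.'
}

[pscustomobject]@{
    RdpEnabled             = $rdpEnabled
    NlaRequired            = $nlaRequired
    FirewallRulesOpenToAny = @($openRules).DisplayName -join '; '
    LockoutThreshold       = $lockoutThreshold
    Findings               = $findings
}
```

The firewall check covers only the host firewall; whether port 3389 is reachable from the Internet also depends on the router or perimeter firewall in front of the machine.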
 
