What is Ransomware?

Ransomware was first seen on 30 November 2016. It is a highly malicious application whose only purpose is to infect your computer and secretly encrypt its files. Removing this infection is therefore highly recommended, but the problem is that once it has encrypted your files, there is nothing you can do about them. This ransomware was created to extort money from you by offering to sell you a unique decryption key that you can get only from its developers. Nevertheless, you should be wary of the possibility that they will not give it to you.

Where does Ransomware come from?

From the very outset, we want to draw your attention to this ransomware’s distinctive feature: its ransom note is written in Russian and broken English. It is therefore quite possible that this malicious program was created in Russia but targets not only Russian speakers but foreigners as well, because English is the lingua franca of the West, and distributing a malicious program such as this one in that region can be very profitable if it is done right.

Since Ransomware was released only recently, our cyber security experts have yet to determine its distribution source. Nevertheless, it is likely distributed via a Trojan that is itself delivered in malicious emails. Its developers may have set up a server dedicated to sending fake emails that masquerade as invoices or tax return forms and carry the Trojan as a PDF document that downloads this ransomware when opened.

How does Ransomware work?

The Trojan downloads this infection to %HOMEDRIVE% and places it in a folder whose name is made up of various characters and is between one and six characters long. The name is also enclosed in braces, so it looks like {folder}. Once on your computer, this ransomware scans it for encryptable files and goes to work. It was designed to encrypt many file formats, and rest assured that it puts a huge emphasis on personal files, which are usually image, video and audio files, as well as Word, PDF and other types of documents. While encrypting, it appends the .MATRIX extension to the files. Furthermore, for some unknown reason, this ransomware collects information about your computer, including OS type, Service Pack, architecture, drivers and so on, and places it in a file with the .mth extension on your computer’s desktop. Once the encryption is complete and the file containing the computer information has been created, this ransomware drops a file named matrix-readme.rtf, which serves as the ransom note.

The note says that your files were encrypted and that you need to email the featured code to the address given in the note to receive further instructions on how to pay the ransom and get your files back. If you do not get a reply within 24 hours, the criminals suggest emailing the code to a second address. Unfortunately, there is no free decryption tool, but we do not recommend paying the ransom because chances are that the criminals will not send you the promised decryption key. Also, this ransomware drops two scripts in %APPDATA%\Microsoft. One randomly named file has the .cmd extension, and the other has the .vbs extension. The .cmd file deletes the shadow copies of your files, and the .vbs file deletes this ransomware’s main executable.
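The two dropped scripts leave a process-creation trail that a defender can alert on: the .cmd script has to invoke a shadow-copy deletion command, and both scripts are launched from %APPDATA%\Microsoft. The following is an added example, not code from the original article or from the malware's authors, that runs simple detection rules over constructed process-creation records (Sysmon Event ID 1 style fields). The specific command lines matched (vssadmin delete shadows, wmic shadowcopy delete) are the standard Windows ways of deleting shadow copies and are an assumption about how the .cmd script does it; the article only says that it deletes them.

```python
import re

# Constructed process-creation records (Sysmon Event ID 1 style fields).
# These are sample inputs for the example, not telemetry from a real infection.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\System32\wscript.exe",
     "CommandLine": r'cmd.exe /c "C:\Users\victim\AppData\Roaming\Microsoft\a8k2.cmd"'},
    {"Image": r"C:\Windows\System32\vssadmin.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "vssadmin.exe Delete Shadows /All /Quiet"},
    {"Image": r"C:\Windows\System32\wbem\WMIC.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "wmic shadowcopy delete"},
    # Listing shadow copies is routine administration and must not fire.
    {"Image": r"C:\Windows\System32\vssadmin.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "vssadmin.exe list shadows"},
    {"Image": r"C:\Windows\System32\wscript.exe",
     "ParentImage": r"C:\Users\victim\{q7}\sample.exe",
     "CommandLine": r'wscript.exe "C:\Users\victim\AppData\Roaming\Microsoft\q7.vbs"'},
]

# Assumed shadow-copy deletion commands (the article names no specific command).
SHADOW_DELETE_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
]

# A .cmd or .vbs file referenced directly under %APPDATA%\Microsoft
# (%APPDATA% expands to ...\AppData\Roaming on a default install).
APPDATA_SCRIPT = re.compile(r"\\AppData\\Roaming\\Microsoft\\[^\\]+\.(cmd|vbs)\b", re.I)

# Interpreters that would run such a script.
SCRIPT_HOSTS = ("\\cmd.exe", "\\wscript.exe", "\\cscript.exe")


def is_shadow_copy_deletion(cmdline: str) -> bool:
    """True when the command line deletes Volume Shadow Copies (not merely lists them)."""
    return any(p.search(cmdline) for p in SHADOW_DELETE_PATTERNS)


def is_appdata_script_launch(event: dict) -> bool:
    """True when a script host is started on a .cmd/.vbs located in %APPDATA%\\Microsoft."""
    image = event["Image"].lower()
    return image.endswith(SCRIPT_HOSTS) and bool(APPDATA_SCRIPT.search(event["CommandLine"]))


def triage(events: list) -> list:
    """Return (event_index, rule_name) pairs for every record that matches a rule."""
    findings = []
    for i, ev in enumerate(events):
        if is_shadow_copy_deletion(ev["CommandLine"]):
            findings.append((i, "shadow_copy_deletion"))
        if is_appdata_script_launch(ev):
            findings.append((i, "appdata_microsoft_script"))
    return findings


if __name__ == "__main__":
    for idx, rule in triage(SAMPLE_EVENTS):
        ev = SAMPLE_EVENTS[idx]
        print(f"[{rule}] parent={ev['ParentImage']} cmd={ev['CommandLine']}")
```

Shadow-copy deletion by itself is a strong ransomware precursor on a workstation, where no legitimate process normally does it; combining it with a script launched from a user-writable location, as in the sequence described above, gives a high-confidence alert while leaving administrative use of vssadmin (listing, resizing) alone.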

How to remove Ransomware

Our malware analysts say that, while its executable is removed by the randomly named .vbs script, this might not happen every time, and this ransomware can remain on your PC and spring into action whenever it wants, encrypting your files again or encrypting any new files that you add. Therefore, we recommend that you remove this malicious program using our guide or get an anti-malware application to get rid of it for you. We suggest using SpyHunter, as testing has shown that this particular program has no problem dealing with this infection.

Removal Guide

  1. Press Windows+E keys.
  2. In the address bar, type %HOMEDRIVE% and hit Enter.
  3. Go to the {randomly named} folder and delete the executable.
  4. Then go to %APPDATA%\Microsoft and delete the randomly named .cmd and .vbs files.
  5. Delete matrix-readme.rtf from the desktop.
  6. Empty the Recycle Bin.
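The removal steps above, together with the artifacts described earlier (the brace-named folder under %HOMEDRIVE%, the .cmd and .vbs scripts in %APPDATA%\Microsoft, the .MATRIX file extension, the .mth system-information file and matrix-readme.rtf on the desktop), amount to a checklist that can be automated for triage of a suspect machine. The script below is an added example, not code from the original article, that walks a directory tree and reports each of those indicators. It builds a constructed sample layout in a temporary directory so it runs offline on any OS; on a real Windows host you would pass the actual %HOMEDRIVE%, %APPDATA% and Desktop paths. Folder and file names in the sample layout are made up.

```python
import os
import re
import tempfile
from pathlib import Path

# Indicators taken from the article's description of the infection.
BRACE_FOLDER = re.compile(r"^\{[^{}]{1,6}\}$")   # e.g. {a} or {x9Qz}, directly under %HOMEDRIVE%
ENCRYPTED_EXT = ".matrix"                         # appended to every encrypted file
RANSOM_NOTE = "matrix-readme.rtf"                 # the ransom note
SYSINFO_EXT = ".mth"                              # collected system information, on the desktop
SCRIPT_EXTS = {".cmd", ".vbs"}                    # dropped into %APPDATA%\Microsoft


def scan_host(home_drive: Path, appdata: Path, desktop: Path) -> dict:
    """Collect every indicator found under the given roots, grouped by type."""
    findings = {"dropper_dir": [], "scripts": [], "encrypted": [], "ransom_note": [], "sysinfo": []}

    # 1. Brace-named folder (1-6 characters) at the drive root holding an executable.
    for entry in home_drive.iterdir():
        if entry.is_dir() and BRACE_FOLDER.match(entry.name):
            findings["dropper_dir"].extend(
                str(p) for p in entry.iterdir() if p.is_file() and p.suffix.lower() == ".exe")

    # 2. Randomly named .cmd / .vbs scripts directly in %APPDATA%\Microsoft.
    microsoft_dir = appdata / "Microsoft"
    if microsoft_dir.is_dir():
        findings["scripts"].extend(
            str(p) for p in microsoft_dir.iterdir() if p.is_file() and p.suffix.lower() in SCRIPT_EXTS)

    # 3. Encrypted files and ransom notes anywhere on the drive.
    for root, _dirs, files in os.walk(home_drive):
        for name in files:
            lower = name.lower()
            if lower.endswith(ENCRYPTED_EXT):
                findings["encrypted"].append(os.path.join(root, name))
            elif lower == RANSOM_NOTE:
                findings["ransom_note"].append(os.path.join(root, name))

    # 4. The .mth system-information file on the desktop.
    if desktop.is_dir():
        findings["sysinfo"].extend(
            str(p) for p in desktop.iterdir() if p.is_file() and p.suffix.lower() == SYSINFO_EXT)
    return findings


def is_infected(findings: dict) -> bool:
    """Encrypted files or the ransom note are conclusive; the rest corroborate."""
    return bool(findings["encrypted"] or findings["ransom_note"])


def build_sample_host() -> tuple:
    """Create a constructed directory layout mimicking an infected %HOMEDRIVE%."""
    root = Path(tempfile.mkdtemp(prefix="matrix_sample_"))
    appdata = root / "Users" / "victim" / "AppData" / "Roaming"
    desktop = root / "Users" / "victim" / "Desktop"
    docs = root / "Users" / "victim" / "Documents"
    for d in (root / "{a9}", root / "{toolong1}", appdata / "Microsoft", desktop, docs):
        d.mkdir(parents=True, exist_ok=True)
    (root / "{a9}" / "xyz.exe").write_bytes(b"MZ")            # brace folder, 2 chars: indicator
    (root / "{toolong1}" / "bad.exe").write_bytes(b"MZ")      # 8 chars: outside the 1-6 range
    (appdata / "Microsoft" / "k3.cmd").write_text("rem constructed\n")
    (appdata / "Microsoft" / "p.vbs").write_text("' constructed\n")
    (desktop / RANSOM_NOTE).write_text("constructed note\n")
    (desktop / "HOST-1.mth").write_text("constructed sysinfo\n")
    (docs / "report.docx.MATRIX").write_bytes(b"\x00" * 16)
    (docs / "notes.txt").write_text("untouched\n")
    return root, appdata, desktop


if __name__ == "__main__":
    home, app, desk = build_sample_host()
    result = scan_host(home, app, desk)
    for kind, paths in result.items():
        for p in paths:
            print(f"{kind:12} {p}")
    print("infected:", is_infected(result))
```

Deleting the flagged files is exactly what the guide above does by hand; the scan only reports them, so an analyst can copy the scripts and the .mth file for analysis before they are removed. Because the .cmd script deletes shadow copies, finding .MATRIX files means restoring from Previous Versions will not work, and recovery has to come from offline backups.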