New Strains of Matrix Ransomware are Used Since Early April

Delaware, USA – April 10, 2018 – Researchers from MalwareHunterTeam discovered two new Matrix ransomware samples in the wild. As well as SamSam ransomware that recently attacked the city of Atlanta, this malware is installed by attackers manually after RPD connection hacking. The Matrix ransomware not only encrypts data but also deletes shadow copies and can rewrite free space on drive C: to prevent file recovery. New strains of ransomware are actively used since early April.

Malwarebytes published the new report for the first quarter of 2018 – ‘Cybercrime tactics and techniques‘. They noted that the number of ransomware attacks against business increased by 28%. The primary targets for such attacks are medium and small businesses. According to another study from Telstra, about 50% of victims pay a ransom for decrypting the data. This study also shows that because of the lack of backups, attacked companies are ready to pay hackers in the future.

 Despite the fact that the number of ransomware campaigns against ordinary users has decreased, the number of attacks on organizations continues to grow. Brute-forcing passwords for the Remote Desktop service is also a favorite technique of threat actors behind the Matrix and SamSam ransomware. To protect against such attacks, you need to use strong passwords and monitor remote connections to the corporate network. Also, you can leverage your SIEM with Ransomware Hunter use case to detect ransomware activity and Brute Force Detection to analyze authentication events from a wide variety of systems and services.