
AES-Matrix Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 3
First Seen: August 23, 2017
Last Seen: March 31, 2019
OS(es) Affected: Windows

PC security researchers first observed the AES-Matrix Ransomware on July 7, 2017. The AES-Matrix Ransomware seems to be related to an earlier ransomware Trojan known as the GruxEr Ransomware, which was first observed in May 2017. The AES-Matrix Ransomware is just one of numerous encryption ransomware Trojans that have appeared in 2017, a year that has seen a marked increase in these infections, which also may be related to the increase in the price of Bitcoin (which is used to carry out the payments associated with these tactics). The main targets of the AES-Matrix Ransomware are small and medium businesses, and the AES-Matrix Ransomware seems to spread mainly by taking advantage of poorly protected Remote Desktop Protocol (RDP) connections. Con artists exploit poor password protection or poorly implemented security measures to install the AES-Matrix Ransomware on the company's servers. However, the AES-Matrix Ransomware also can be used to attack individual computer users.

How the AES-Matrix Ransomware Compromises Your Files

Once the AES-Matrix Ransomware is installed on a computer, it uses AES-256 encryption to make the victim's files inaccessible. The AES-Matrix Ransomware searches for files on all local drives, as well as on shared network directories, and encrypts them. It targets user-generated files, typically looking for databases, configuration files, images, videos, audio, and files associated with commonly used software. Once the files have been encrypted, the AES-Matrix Ransomware demands a ransom from the victim. The AES-Matrix Ransomware seems to be a variant of HiddenTear, an open source ransomware platform that has spawned countless ransomware Trojans. However, the AES-Matrix Ransomware does not mark the affected files with custom extensions or carry out similar tasks that are commonly associated with HiddenTear variants.

The AES-Matrix Ransomware’s Ransom Note

The AES-Matrix Ransomware will deliver a ransom note to the victim, informing the victim of the attack and demanding the payment of a ransom from the victim. The following is the ransom note that has been linked to the AES-Matrix Ransomware attack:

'Your all datas have been encrypted by AES-256 key,
If you want to decrypt by yourselft, It would take hundred years,
If you can pay some money, I will send you the decrypt key, you can get your data back immediately.
According to the CyberEdge Group's 2017 Cyberthreat Defense Report, 1/3 company paid a ransom.
So it is not shame to pay ransom,many company paid it before.
Your are so large Security Safes company.
Now would you like to see your business become like a startup or just pay to continue your business?
Contact my email: or
If you do not contact me soon, you key will be deleted automaticly by system and you will lose your data 4ever.
Just take it as security consultant fee. They charge much more than me.'

The AES-Matrix Ransomware's ransom note includes some images associated with 'The Matrix' movie series, which is where the AES-Matrix Ransomware gets its name. The AES-Matrix Ransomware demands the payment of 250 USD in Bitcoins and quotes phony statistics to trick computer users into paying the ransom. However, computer users should avoid paying the AES-Matrix Ransomware ransom.

Dealing with an AES-Matrix Ransomware Infection

There are several reasons why computer users should avoid paying the AES-Matrix Ransomware ransom. The con artists will rarely deliver the data after the payment and, even if they do, the ransom payment will allow these people to continue creating these infections and claiming new victims. Instead, malware analysts advise computer users to have a reliable backup system. Having file backups is the best protection against threats like the AES-Matrix Ransomware since computer users can restore their files from the backup instead of having to pay the ransom. Backups effectively remove any leverage the extortionists hold over the victims in these attacks.

