AES-Matrix Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 100 % (High) |
| Infected Computers: | 3 |
| First Seen: | August 23, 2017 |
| Last Seen: | March 31, 2019 |
| OS(es) Affected: | Windows |
PC security researchers first observed the AES-Matrix Ransomware on July 7, 2017. The AES-Matrix Ransomware seems to be related to an earlier ransomware Trojan known as the GruxEr Ransomware, which was first observed on May 2017. The AES-Matrix Ransomware is just one of numerous encryption ransomware Trojans that have appeared in 2017, which has marked increase in these infections and also may be related to the increase in the price of Bitcoins (that are used to carry out the payments associated with these tactics.) The main targets in the AES-Matrix Ransomware are small and medium businesses, and the AES-Matrix Ransomware seems to spread by taking advantage of poorly protected Remote Desktop Protocol connections mainly. Taking advantage of poor password protection or poorly implemented security measures, con artists will compromise these vulnerabilities to install the AES-Matrix Ransomware on the company's servers. However, the AES-Matrix Ransomware also can be used to attack individual computer users.
Table of Contents
How the AES-Matrix Ransomware Compromise Your Files
Once the AES-Matrix Ransomware is installed on a computer, it will use the AES 256 encryption to make the victim's files inaccessible. The AES-Matrix Ransomware will encrypt the victim's files, searching for files on all local drives, as well as on network shared directories. The AES-Matrix Ransomware will ask for a ransom from the victim once the victim's files have been encrypted. The AES-Matrix Ransomware targets the files that are user-generated, typically looking for databases, configuration files, images, videos, audio, and files associated with commonly used software. The AES-Matrix Ransomware seems to be a variant of HiddenTear, an open source ransomware platform that has spawned countless ransomware Trojans. However, the AES-Matrix Ransomware will not mark the affected files with custom extensions or carry out similar tasks that are associated with HiddenTear variants commonly.
The AES-Matrix Ransomware’s Ransom Note
The AES-Matrix Ransomware will deliver a ransom note to the victim, informing the victim of the attack and demanding the payment of a ransom from the victim. The following is the ransom note that has been linked to the AES-Matrix Ransomware attack:
'Hello,
Your all datas have been encrypted by AES-256 key,
If you want to decrypt by yourselft, It would take hundred years,
If you can pay some money, I will send you the decrypt key, you can get your data back immediately.
According to the CyberEdge Group's 2017 Cyberthreat Defense Report, 1/3 company paid a ransom.
So it is not shame to pay ransom,many company paid it before.
Your are so large Security Safes company.
Now would you like to see your business become like a startup or just pay to continue your business?
Contact my email: darkpart@tutanota.com or darkware@tutanota.com
If you do not contact me soon, you key will be deleted automaticly by system and you will lose your data 4ever.
Just take it as security consultant fee. They charge much more than me.'
The AES-Matrix Ransomware's ransom note includes some images associated with 'The Matrix' movie series, which is where the AES-Matrix Ransomware receives its name. The AES-Matrix Ransomware demands the payment of 250 USD in Bitcoins and quotes phony statistics to trick computer users into paying the ransom. However, computer users should avoid paying the AES-Matrix Ransomware ransom.
Dealing with an AES-Matrix Ransomware Infection
There are several reasons why computer users should avoid paying the AES-Matrix Ransomware ransom. The con artists will rarely deliver the data after the payment and, even if they do, the ransom payment will allow these people to continue creating these infections and claiming new victims. Instead, malware analysts advise computer users to have a reliable backup system. Having file backups is the best protection against threats like the AES-Matrix Ransomware since computer users can restore their files from the backup instead of having to pay the ransom. Backups remove any leverage the extortionists hold over the victims in these attacks effectively.
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.