Matrix-EMAN50 Ransomware

The Matrix-EMAN50 Ransomware is a working name that is associated with a new version of the Matrix Ransomware that was released on April 13th, 2018 initially. The version dubbed Matrix-EMAN50 Ransomware was reported by compromised users on October 8th, 2018. The new variant exhibits the same behavior albeit with some minor differences. The Matrix-EMAN50 Ransomware is distributed via spam emails and corrupted Microsoft Word files. The Matrix-EMAN50 Ransomware uses the same encryption techniques as its predecessors — the KOK8 Ransomwar and the Matrix-ITLOCK Ransomware. The encryption Trojan at hand is reported to mark the encrypted files by adding extensions like '.EMAN50' and '.GMAN.'

The version that uses '.EMAN50' is observed to write '#README_EMAN50#.rtf' to the user's desktop and the other writes '#README_GMAN#.rt.' Both instances of '#README_#.rtf' feature the same content and urge users to send an email to one of two email addresses. We have received reports that Matrix-EMAN50 and Matrix-GMAN222 refer to email accounts that include — 'gman222@qq.com,' 'tru888@qq.com,' 'tru8@protonmail.com' and 'tru8@tutanota.com.'

The team behind the Matrix-EMAN50 Ransomware and its clone dubbed Matrix-G222 Ransomware may receive updates that expand the pool of the file markers used by the ransomware operators. The threat actors who control the Matrix Ransomware platform have been very active in 2018, and it is possible that we may see the rise of a new Ransomware-as-a-Service business. Hence, PC users may be targeted from a multitude of attack vectors, and it is recommended that you protect your data sooner rather than later. A good backup manager and a portable SSD can help you improve your chances of surviving a crypt-threat attack unscathed relatively. You may be interested in opting into a cloud storage service if you wish to speed up the backup process and shorten the recovery time in case something like the Matrix-EMAN50 Ransomware lands onto your machine.