Matrix-GBLOCK Ransomware Description
The Matrix-GBLOCK Ransomware is an encryption ransomware Trojan that is part of the Matrix family of ransomware, a large family of ransomware threats that has numerous variants due to the existence of a Matrix Ransomware Builder. This utility allows the criminals to create custom versions of this threat, providing RaaS (Ransomware as a Service) to third parties. The Matrix-GBLOCK Ransomware behaves like most encryption ransomware Trojans, taking the victims' files hostage. Then, the Matrix-GBLOCK Ransomware demands a ransom payment from the victim in exchange for the decryption key needed to restore the damaged data.
How the Matrix-GBLOCK Ransomware Attack Functions
The Matrix-GBLOCK Ransomware uses AES and RSA encryption in its attack to make the victim's files inaccessible. The Matrix-GBLOCK Ransomware targets user-generated files, which may include a wide variety of text, images, media, documents, and numerous other files. The files that threats like the Matrix-GBLOCK Ransomware usually target in these attacks include:
.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.
The criminals hold the decryption tool and key needed to restore the files compromised by the Matrix-GBLOCK Ransomware attack, essentially taking them hostage. The files corrupted by the Matrix-GBLOCK Ransomware attack are easy to recognize because the threat marks them with the string '[Gman222@protonmail.com]' as a prefix and the file extension '.GBLOCK' as a suffix to the files' names. The Matrix-GBLOCK Ransomware will also drop a ransom note in the form of a text file named '!GBLOCK_INFO.rtf' on the desktop of the victim's computer. The Matrix-GBLOCK Ransomware ransom note reads as follows:
'HOW TO RECOVER YOUR FILES?
WE HAVE TO INFORM YOU THAT ALL YOUR FILES WERE ENCRYPTED!
PLEASE BE SURE THAT YOUR FILES ARE NOT BROKEN! Your files were encrypted with AES-128+RSA-2048 crypto algorithms.
* Please note that there is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server.
* Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!
* Please note that you can recover files only with your unique decryption key, which stored on our server.
HOW TO RECOVER FILES? Please write us to the e-mail, we will send you instruction how to recover your data.
Our e-mail: Gman222@protonmail.com'
Protecting Your Data from Threats Like the Matrix-GBLOCK Ransomware
The best protection against threats like the Matrix-GBLOCK Ransomware is to have file backups, which should be stored in the cloud or another safe place. Having file backups ensures that computer users can restore any data after an attack, removing the criminals' leverage to demand a ransom payment. The use of a security program that can stop the Matrix-GBLOCK Ransomware infections from taking root is highly recommended.
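The file markers described above can be used to triage a disk or file share before restoring from backup. The following Python sketch is an added example, not part of the original description and not any vendor's tool: it counts marked files per directory, lists ransom notes, and reports the earliest modification time among marked files as a rough guide for choosing a backup that predates the attack. It assumes the encryption step updated each file's modification time, and the sample file names in demo() are constructed.

```python
import os
import tempfile
from collections import Counter

# Indicators from the description above, lower-cased for case-insensitive matching.
PREFIX = "[gman222@protonmail.com]"
EXTENSION = ".gblock"
NOTE_NAME = "!gblock_info.rtf"


def classify(filename):
    """Return 'note', 'encrypted' or None for a bare file name."""
    name = filename.lower()
    if name == NOTE_NAME:
        return "note"
    if name.startswith(PREFIX) and name.endswith(EXTENSION):
        return "encrypted"
    return None


def scan(root):
    """Walk root; count marked files per directory, list notes, track earliest mtime."""
    per_dir, notes, earliest = Counter(), [], None
    for dirpath, _dirs, files in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        for fname in files:
            kind = classify(fname)
            if kind == "note":
                notes.append(os.path.join(rel, fname))
            elif kind == "encrypted":
                per_dir[rel] += 1
                try:
                    mtime = os.stat(os.path.join(dirpath, fname)).st_mtime
                except OSError:
                    continue  # unreadable file: counted, but no timestamp
                earliest = mtime if earliest is None else min(earliest, mtime)
    return {"encrypted_by_dir": dict(per_dir), "notes": notes, "earliest_mtime": earliest}


def demo():
    """Scan a constructed tree; the text between prefix and extension is made up."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "Documents")
        os.makedirs(docs)
        for name in ("[Gman222@protonmail.com]report.GBLOCK",
                     "[Gman222@protonmail.com]photo.GBLOCK",
                     "notes.txt", "!GBLOCK_INFO.rtf"):
            open(os.path.join(docs, name), "w").close()
        return scan(root)


if __name__ == "__main__":
    print(demo())
```

For a real check, call scan() on a mounted copy of the affected volume rather than on the live system.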