Matrix-MDEN Ransomware

The Matrix-MDEN Ransomware is an encryption ransomware Trojan that was first observed on March 25, 2019. The Matrix-MDEN Ransomware is part of the Matrix ransomware family, which has been active since April of 2018. The Matrix-MDEN Ransomware carries out a typical encryption ransomware attack, by marking the victim's files with the file extension '.MDEN.' The attack itself consists of taking the victim's files hostage and then demanding a ransom payment, identical to most other encryption ransomware attacks.

How the Matrix-MDEN Ransomware Trojan Carries Out Its Attack

The Matrix-MDEN Ransomware uses the AES and RSA encryptions to make the victim's files inaccessible. The Matrix-MDEN Ransomware targets the user-generated files and also deletes the Shadow Volume Copies and the System Restore Points. Samples of the types of files that threats like the Matrix-MDEN Ransomware target in these attacks include:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr , .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby , .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, , .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The Matrix-MDEN Ransomware delivers a ransom note in the form of an RTF file named '!MDEN_INFO!.rtf,' which requests that the victim pays a ransom and contact the criminals via email. The Matrix-MDEN Ransomware's contact email also is appended to the names of the files that have been compromised by the Matrix-MDEN Ransomware attack. Part of the text of the Matrix-MDEN Ransomware ransom note is displayed below:

'WHAT HAPPENED WITH YOUR FILES?
Your documents, databases, backups, network folders and other important files are encrypted with RSA-2048 and AES-128 ciphers.
More information about the RSA and AES can be found here:
http://en.wikipedia.org/wiki/RSA_(cryptosystem)
http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
It mеаns thаt yоu will nоt bе аblе tо аccеss thеm аnуmоrе until thеу аrе dесrуptеd with yоur pеrsоnаl dесrуptiоn kеy! Withоut уоur pеrsоnаl kеy аnd sреciаl sоftwаrе dаtа rеcоvеrу is impоssiblе! If yоu will fоllоw оur instruсtiоns, wе guаrаntее thаt yоu cаn dесryрt аll yоur filеs quiсkly аnd sаfеly!
If yоu wаnt tо rеstоrе yоur filеs, plеаsе writе us tо thе е-mаils:
smartden@protonmail.com'

Protecting Your Data from Threats Like the Matrix-MDEN Ransomware

The best protection against threats like the Matrix-MDEN Ransomware is to have backup copies of your files saved on the cloud or an external memory device. Having file backups ensures that computer users can restore their data quickly after an attack without needing to communicate with the criminals responsible for the attack. Do not pay the Matrix-MDEN Ransomware ransom or contact the perpetrators of its attack. Both actions simply increase the risk for additional infections and also allow the criminals to profit from these threats and continue to create new ransomware variants. Apart from file backups, computer users also are advised to install and use a trustable security program that is kept fully up-to-date.