Matrix-NEWRAR Ransomware
The Matrix-NEWRAR Ransomware is an encryption ransomware Trojan that is a variant of a ransomware threat that appeared in 2018 (it is likely that multiple versions in this ransomware family will appear). The Matrix-NEWRAR Ransomware carries out a typical version of this tactic, making the victim's files inaccessible as a way to demand a ransom from the victim. Threats like the Matrix-NEWRAR Ransomware are becoming common increasingly, making it more important than ever that computer users take preventive measures to ensure that their files are safe from these attacks.
The Matrix Attacks Again!
The Matrix-NEWRAR Ransomware uses the AES and RSA encryptions to make the victim's files unusable. The Matrix-NEWRAR Ransomware attacks target small business networks rather than individual computer users. The Matrix-NEWRAR Ransomware targets the files with the following file extensions in its attacks:
.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, doc, .epub, .docx, .fb2, .flv, .gif, .gz, .iso .ibooks, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mht, .mobi, .mhtm, .mkv, .mov, .mp3, .mp4, .mpg .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.
The Matrix-NEWRAR Ransomware will mark all the compromised files by adding the file extension '.NEWRAR' to each file's name.
The Matrix-NEWRAR Ransomware's Ransom Note
The Matrix-NEWRAR Ransomware delivers its ransom note in the form of a text file named '#NEWRAR_README.rtf,' which will be dropped in multiple locations on the infected computer. The Matrix-NEWRAR Ransomware delivers a ransom note, which content is:
'HOW TO RECOVER YOUR FILES INSTRUCTION
ATENTION!!!
We are really sorry to inform you that ALL YOUR FILES WERE ENCRYPTED by our automatic software. It became possible because of bad server security.
ATENTION!!!
Please don't worry, we can help you to RESTORE your server to original state and decrypt all your files quickly and safely!
INFORMATION!!!
Files are not broken!!! Files were encrypted with AES-128+RSA-2048 crypto algorithms. There is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety, all information about your server and your decryption key will be automatically DELETED
AFTER 7 DAYS! You will irrevocably lose all your data! ' Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!
Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.
HOW TO RECOVER FILES???
Please write us to the e-mail (write on English or use professional translator): newrar@tuta.io
newrar@cock.lu
You have to send your message on each of our 3 emails due to the fact that the message may not reach their intended recipient for a variety of reasons!
In subject line write your personal ID:
[random characters]
We recommend you to attach 3 encrypted files to your message. We will demonstrate that we can recover your files.
Please note that files must not contain any valuable information and their total size must be less than 5Mb.
OUR ADVICE!!!
Please be sure that we will find common language. We will restore all the data and give you recommendations how to configure the protection of your server.
We will definitely reach an agreement;] !!!'
It is paramount to protect your data from threats like the Matrix-NEWRAR Ransomware. The best protections include having a security application and backup copies of your files in a secure location.
