Matrix-NOBAD Ransomware

By GoldSparrow in Ransomware

The Matrix-NOBAD Ransomware is an encryption ransomware Trojan that belongs to a large family of ransomware Trojans that has come to be known as Matrix. The Matrix-NOBAD Ransomware was first observed on October 10, 2018. Typically, the Matrix-NOBAD Ransomware and its variants are delivered to the victims via compromised Microsoft Word documents included in spam email messages. There is very little to differentiate the Matrix-NOBAD Ransomware from the numerous ransomware Trojans that are currently being used to attack computer users.

How the Matrix-NOBAD Ransomware Attacks a Computer

The Matrix-NOBAD Ransomware has two variants. Both use strong encryption algorithms to encrypt the victim's files, and mark the affected files with the file extension 'NOBAD,' added to the file's name. The Matrix-NOBAD Ransomware delivers a ransom note named '#NOBAD_README#.rtf' to the desktop of the victim's computer. The Matrix-NOBAD Ransomware targets user-generated files in its attack, which include numerous file types, such as the following:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The Matrix-NOBAD Ransomware's ransom note, contained in the RTF file mentioned above, carries a ransom message (which has been observed in numerous other Matrix variants previously) that reads:

'Your documents, databases, backups, network folders and other important files are encrypted with RSA-2048 and AES-128 ciphers. More information about the RSA and AES can be found here:
h[tt]p://en.wikipedia[.]org/wiki/RSA (cryptosystem)
h[tt]p://en.wikipedia[.]org/wiki/Advanced Encryption Standard
It means that you will not be able to access them anymore until they are decrypted with your personal decryption key! Without your personal key and special software data recovery is impossible! If you will follow our instructions, we guarantee that you can decrypt all your files quickly and safely!
If you want to restore your files, please write us to the e-mails: [email address]
In subject line of your message write your personal ID: [random characters]'

Protecting Your Data from Threats Like the Matrix-NOBAD Ransomware

The Matrix-NOBAD Ransomware uses an encryption method that is not reversible without the decryption key. Therefore, the best protection against the Matrix-NOBAD Ransomware and similar threats is to have backup copies of your files. Malware researchers advise having file backups stored on the cloud or an external memory device. Additionally, they recommend that computer users have a security program always available, which can then be used to remove the Matrix-NOBAD Ransomware threat itself, even if it is not capable of restoring files encrypted in the Matrix-NOBAD Ransomware attack. Since threats like the Matrix-NOBAD Ransomware are delivered using emails, learning to deal with spam email safely is also an important aspect of dealing with threats like the Matrix-NOBAD Ransomware.
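
For scoping which folders need to be restored from backup, the two artifacts named on this page (the 'NOBAD' extension and the '#NOBAD_README#.rtf' note) can be swept for directly. The following Python sketch is an added example, not part of the original article; the sample file names and timestamps are constructed, and treating the earliest modification time of a marked file as a rough hint for which backup predates the attack is an assumption, since timestamps can be altered.

```python
import os
import tempfile
from datetime import datetime, timezone

MARKER_EXT = ".nobad"             # extension named on this page (compared case-insensitively)
NOTE_NAME = "#nobad_readme#.rtf"  # ransom note file name named on this page

def triage(root):
    """Walk root and summarise Matrix-NOBAD artifacts per directory."""
    report = {"dirs": {}, "notes": [], "earliest": None}
    for dirpath, _dirs, files in os.walk(root):  # does not follow symlinks
        hits = 0
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower == NOTE_NAME:
                report["notes"].append(path)
            elif lower.endswith(MARKER_EXT):
                hits += 1
                try:
                    mtime = os.stat(path).st_mtime
                except OSError:
                    continue  # file vanished or unreadable; counted, but no time
                if report["earliest"] is None or mtime < report["earliest"]:
                    report["earliest"] = mtime  # assumption: hint only, not proof
        if hits:
            report["dirs"][dirpath] = hits
    return report

def build_sample_tree(root):
    """Constructed sample data: two marked files, one note, one clean file."""
    docs = os.path.join(root, "docs")
    os.makedirs(docs)
    samples = {"report.docx.NOBAD": 1539160000, "photo.jpg.nobad": 1539163600,
               "#NOBAD_README#.rtf": 1539163700, "untouched.txt": 1500000000}
    for name, mtime in samples.items():
        path = os.path.join(docs, name)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample")
        os.utime(path, (mtime, mtime))
    return docs

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        when = datetime.fromtimestamp(result["earliest"], timezone.utc)
        print(result["dirs"], result["notes"], when.isoformat())
```

Run it read-only against a mounted copy or image of the affected volume rather than the live system, so the sweep itself does not change file metadata.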

