Matrix-THDA Ransomware

The Matrix-THDA Ransomware is an encryption ransomware Trojan that belongs to the Matrix family of ransomware, a large family of ransomware threats that has seen several variants in 2018. Threats in the Matrix family have increased in number since the release of a ransomware building kit by the original creators of the Matrix ransomware Trojans. While threats like the Matrix-THDA Ransomware can be distributed in many ways, the most common method that malware researchers have observed in the case of the Matrix-THDA Ransomware is through poorly protected RDP (Remote Desktop Protocol) connections, allowing the criminals to target small business servers and networks with the Matrix-THDA Ransomware.

How the Matrix-THDA Ransomware Carries Out Its Attack

The Matrix-THDA Ransomware is designed to take the victim's files hostage and then demand a ransom payment. The Matrix-THDA Ransomware uses a strong encryption algorithm to make the victim's files unreachable, and it marks each file encrypted by the attack by adding the file extension '.THDA' to the file's name. Threats like the Matrix-THDA Ransomware focus on the files below when attacking a computer:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The Matrix-THDA Ransomware’s Ransom Demand

The Matrix-THDA Ransomware delivers a ransom note in the form of an RTF file named '!README_THDA!.rtf', which is dropped on the infected computer's desktop. The text of the Matrix-THDA Ransomware's ransom note reads:

'Your documents, databases, backups, network folders and other important files are encrypted with RSA-2048 and AES-128 ciphers. More information about the RSA and AES can be found here:
h[tt]p://en.wikipedia[.]org/wiki/RSA (cryptosystem)
h[tt]p://en.wikipedia[.]org/wiki/Advanced Encryption Standard
It means that you will not be able to access them anymore until they are decrypted with your personal decryption key! Without your personal key and special software data recovery is impossible! If you will follow our instructions, we guarantee that you can decrypt all your files quickly and safely!
If you want to restore your files, please write us to the e-mails:'

Computer users should not pay the Matrix-THDA Ransomware ransom amount since there is no guarantee that the criminals will restore the affected files.
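
The two on-disk indicators described above, the '.THDA' extension and the '!README_THDA!.rtf' note, can be used to find out how far an infection has spread across a file share. The Python code below is an added example and is not part of the original article; the function names, the case-insensitive matching and the sample directory tree are assumptions made for illustration.

```python
import os
import tempfile
from collections import Counter

ENCRYPTED_EXT = ".thda"            # extension the article says is added to file names
NOTE_NAME = "!readme_thda!.rtf"    # ransom note file name given in the article


def scan_for_thda(root):
    """Walk root and report Matrix-THDA file-system indicators.

    Returns a dict with:
      encrypted - sorted paths whose name ends in .THDA (case-insensitive, assumed)
      notes     - sorted paths of ransom note files
      by_dir    - Counter of encrypted files per directory, to show spread
    """
    encrypted, notes, by_dir = [], [], Counter()
    # onerror: unreadable directories are skipped instead of aborting the scan
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            lower = name.lower()
            path = os.path.join(dirpath, name)
            if lower == NOTE_NAME:
                notes.append(path)
            elif lower.endswith(ENCRYPTED_EXT):
                encrypted.append(path)
                by_dir[dirpath] += 1
    return {"encrypted": sorted(encrypted), "notes": sorted(notes), "by_dir": by_dir}


def build_sample_tree(root):
    """Create a constructed sample tree of empty files for demonstration."""
    layout = {
        "Desktop": ["!README_THDA!.rtf", "budget.xlsx.THDA"],
        "Documents": ["report.docx.THDA", "notes.txt.thda", "clean.pdf"],
        "Pictures": ["photo.jpg"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for name in names:
            open(os.path.join(root, folder, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = scan_for_thda(tmp)
        print(f"{len(result['encrypted'])} encrypted file(s), {len(result['notes'])} note(s)")
        for directory, count in result["by_dir"].most_common():
            print(f"  {count:3d}  {directory}")
```

The per-directory counts show which folders were reached, which helps decide what has to be restored from backup.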

Protecting Your Data from Threats Like the Matrix-THDA Ransomware

Computer users are encouraged to keep file backups stored in the cloud or on an independent memory device. Having file backups ensures that computer users can restore their data after an infection. Apart from file backups, computer users should install a security program capable of intercepting the Matrix-THDA Ransomware and removing this threat.


