Matroska Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Ranking: | 7,183 |
| Threat Level: | 80 % (High) |
| Infected Computers: | 2,610 |
| First Seen: | July 25, 2017 |
| Last Seen: | September 15, 2023 |
| OS(es) Affected: | Windows |
The Matroska Ransomware is an encryption ransomware Trojan that was first observed on July 25, 2017. Victims of the Matroska Ransomware became infected with this threat after con artists taking advantage of poorly protected Remote Desktop Protocol accounts. The Matroska Ransomware may be installed on the victims' computers directly by taking advantage of vulnerabilities, which the con artists scan through the Web. Once a vulnerable computer is found, the con artists will install the Matroska Ransomware on it to take the affected computer hostage and demand the payment of a ransom.
A General Description of the Matroska Ransomware Attack
The Matroska Ransomware seems to run as an executable file named 'mscaut.exe' on the infected computer. The Matroska Ransomware will scan the affected computer in search for certain file types, creating an index of the files that can be targeted in its attack. The Matroska Ransomware will encrypt the files generated by the user, which will range from media files to databases and Microsoft Office files. The Matroska Ransomware's executable file runs as 'Windows Defender' and will add the extension '.hustonwehaveaproblem@keemail.me' to each file encrypted by the Matroska Ransomware attack. The Matroska Ransomware is based on HiddenTear, a well-known open source ransomware platform that was made public on Github in August 2015 and has spawned countless ransomware variants since its initial release.
Dealing with a Matroska Ransomware Attack
The Matroska Ransomware will display a long ransom note with information about the attack and other data after encrypting the victim's files. The text of the Matroska Ransomware's ransom note is:
'Your personal ID
All your files have been encrypted due to a security problem with your PC.
To restore all your files, you need a decryption.
If you want to restore them, write us to t e e-mail HUSTONWEHAVEAPROBLEM@KEEMAIL.ME.
In a letter to send Your personal ID (see In the beginning of this document).
You have to pay for decryption in Bitcoins.
The price depends on how fast you write to us.
After payment we will send you the decryption tool that will decrypt all your files.
In the letter, you will receive instructions to decrypt your files!
In a response letter you will receive the address of Bitcoin-wallet, which is necessary to perform the transfer of funds.
HURRY! Your personal code for decryption stored with us only 72 HOURS!
Our tech support is available 24 \ 7
Do not delete: Your personal ID
Write on e-mail, we will help you!
Free decryption as guarantee
Before paying you can send to us up to 1 files for free decryption.
Please note that files must NOT contain valuable information and their total size must be less than 5Mb.
When the transfer is confirmed, you will receive interpreter files to your computer.
After start-interpreter program, all your files will be restored.
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
Do not attempt to remove the program or run the anti-virus tools
Attempts to self-decrypting files will result in the loss of your data'
Unfortunately, it is not possible to recover files that have been encrypted in the Matroska Ransomware attack currently. Because of this, the best way to deal with the Matroska Ransomware is to take preventive measures. Since the Matroska Ransomware spreads through badly protected servers and RDP connections, use strong passwords and security protections to avoid these vulnerabilities. Malware researchers also advise computer users to have file backups on a memory device that can be removed or the cloud. The presence of file backups undoes the Matroska Ransomware attack strategy completely since victims are then under no pressure to pay a ransom in exchange for the encrypted files.
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.