
Matroska Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Ranking: 7,183
Threat Level: 80 % (High)
Infected Computers: 2,610
First Seen: July 25, 2017
Last Seen: September 15, 2023
OS(es) Affected: Windows

The Matroska Ransomware is an encryption ransomware Trojan that was first observed on July 25, 2017. Victims of the Matroska Ransomware became infected with this threat after con artists took advantage of poorly protected Remote Desktop Protocol (RDP) accounts. The con artists scan the Web for such vulnerable systems, and the Matroska Ransomware may be installed on the victims' computers directly through these weaknesses. Once a vulnerable computer is found, the con artists will install the Matroska Ransomware on it to take the affected computer hostage and demand the payment of a ransom.

A General Description of the Matroska Ransomware Attack

The Matroska Ransomware seems to run as an executable file named 'mscaut.exe' on the infected computer. The Matroska Ransomware will scan the affected computer in search of certain file types, creating an index of the files that can be targeted in its attack. The Matroska Ransomware will encrypt the files generated by the user, which range from media files to databases and Microsoft Office files. The Matroska Ransomware's executable file runs as 'Windows Defender' and will add the extension '' to each file encrypted by the Matroska Ransomware attack. The Matroska Ransomware is based on HiddenTear, a well-known open source ransomware platform that was made public on GitHub in August 2015 and has spawned countless ransomware variants since its initial release.
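The page notes that the 'mscaut.exe' executable presents itself as 'Windows Defender'. A simple way for a defender to surface that kind of masquerading is to compare what a process claims to be with where its image actually lives. The following is an added example, not code from the original page or from any vendor; the process inventory is constructed, and the trusted Defender install directories are listed as an assumption about a stock Windows system:

```python
"""Added example (not from the original page): flag processes that describe
themselves as 'Windows Defender' but run from outside the directories the
genuine product installs to. The process list below is constructed."""
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Assumption: default locations of the real Defender binaries on Windows 10/11.
TRUSTED_DEFENDER_DIRS = (
    PureWindowsPath(r"C:\Program Files\Windows Defender"),
    PureWindowsPath(r"C:\ProgramData\Microsoft\Windows Defender\Platform"),
)


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str        # full path of the executable image
    description: str  # file description / window title the process shows


def _under(path: PureWindowsPath, root: PureWindowsPath) -> bool:
    """Case-insensitive 'path is inside root' check on path components."""
    parts = [p.lower() for p in path.parts]
    rparts = [p.lower() for p in root.parts]
    return parts[:len(rparts)] == rparts


def suspicious_defender_impersonators(procs):
    """Return the pids of processes that claim to be Windows Defender but
    whose image does not live in a trusted Defender directory."""
    hits = []
    for p in procs:
        if "windows defender" not in p.description.lower():
            continue
        img = PureWindowsPath(p.image)
        if not any(_under(img, d) for d in TRUSTED_DEFENDER_DIRS):
            hits.append(p.pid)
    return hits


# Constructed process inventory: one genuine Defender engine, one updated
# platform copy, one impersonator named like the page's sample, one unrelated.
SAMPLE_PROCS = [
    Proc(1204, r"C:\Program Files\Windows Defender\MsMpEng.exe",
         "Antimalware Service Executable"),
    Proc(3310, r"C:\ProgramData\Microsoft\Windows Defender\Platform\MsMpEng.exe",
         "Windows Defender Antimalware Service"),
    Proc(4412, r"C:\Users\alice\AppData\Roaming\mscaut.exe",
         "Windows Defender"),
    Proc(5520, r"C:\Windows\System32\svchost.exe",
         "Host Process for Windows Services"),
]

if __name__ == "__main__":
    print(suspicious_defender_impersonators(SAMPLE_PROCS))
```

On a live system the inventory would come from a process listing that exposes the image path and file description; the check itself stays the same, and a hit should be treated as a trigger for investigation rather than proof of infection, since legitimate software can carry misleading descriptions too.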

Dealing with a Matroska Ransomware Attack

The Matroska Ransomware will display a long ransom note with information about the attack and other data after encrypting the victim's files. The text of the Matroska Ransomware's ransom note is:

'Your personal ID
All your files have been encrypted due to a security problem with your PC.
To restore all your files, you need a decryption.
If you want to restore them, write us to t e e-mail HUSTONWEHAVEAPROBLEM@KEEMAIL.ME.
In a letter to send Your personal ID (see In the beginning of this document).
You have to pay for decryption in Bitcoins.
The price depends on how fast you write to us.
After payment we will send you the decryption tool that will decrypt all your files.
In the letter, you will receive instructions to decrypt your files!
In a response letter you will receive the address of Bitcoin-wallet, which is necessary to perform the transfer of funds.
HURRY! Your personal code for decryption stored with us only 72 HOURS!
Our tech support is available 24 \ 7
Do not delete: Your personal ID
Write on e-mail, we will help you!
Free decryption as guarantee
Before paying you can send to us up to 1 files for free decryption.
Please note that files must NOT contain valuable information and their total size must be less than 5Mb.
When the transfer is confirmed, you will receive interpreter files to your computer.
After start-interpreter program, all your files will be restored.
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
Do not attempt to remove the program or run the anti-virus tools
Attempts to self-decrypting files will result in the loss of your data'

Unfortunately, it is currently not possible to recover files that have been encrypted in the Matroska Ransomware attack. Because of this, the best way to deal with the Matroska Ransomware is to take preventive measures. Since the Matroska Ransomware spreads through badly protected servers and RDP connections, use strong passwords and security protections to close off these avenues. Malware researchers also advise computer users to keep file backups on a removable storage device or in the cloud. The presence of file backups undoes the Matroska Ransomware attack strategy completely, since victims are then under no pressure to pay a ransom in exchange for the encrypted files.
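Both the opening description and the advice above come back to the same point: the operators got in through poorly protected RDP accounts. Beyond strong passwords, a defender can watch for the password guessing that precedes such an intrusion. The following is an added example, not code from the original page; it runs over constructed Windows Security log records (event 4625 for failed and 4624 for successful logons, logon type 10 for RDP), and the pipe-separated field layout is an assumption made for the example:

```python
"""Added example (not from the original page): detect password guessing
against RDP in Windows Security log records and flag a success that follows
a burst of failures. Records are constructed; the 'ts|event_id|logon_type|
user|source_ip' layout is an assumption for this example."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

REMOTE_INTERACTIVE = 10  # Windows logon type used by RDP sessions


def _parse(line):
    ts, event_id, logon_type, user, src = line.split("|")
    return datetime.fromisoformat(ts), int(event_id), int(logon_type), user, src


def rdp_bruteforce_alerts(lines, threshold=5, window=timedelta(minutes=5)):
    """Return alerts in log order:
    ('bruteforce', src, n)  once a source reaches `threshold` failed RDP
                            logons inside a sliding `window`;
    ('success_after_failures', src, user) for every later RDP success
                            from a source that was already flagged."""
    failures = defaultdict(deque)   # src -> timestamps of recent 4625s
    flagged = set()
    alerts = []
    for line in lines:
        ts, eid, ltype, user, src = _parse(line)
        if ltype != REMOTE_INTERACTIVE:
            continue                # console/service logons are out of scope
        q = failures[src]
        if eid == 4625:
            q.append(ts)
            while q and ts - q[0] > window:   # drop failures outside window
                q.popleft()
            if len(q) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("bruteforce", src, len(q)))
        elif eid == 4624 and src in flagged:
            alerts.append(("success_after_failures", src, user))
    return alerts


# Constructed log: a guessing burst from one address that ends in a success,
# a single stray failure from another, and a local console logon.
SAMPLE_LOG = [
    "2017-07-25T02:00:01|4625|10|administrator|203.0.113.7",
    "2017-07-25T02:00:03|4625|10|admin|203.0.113.7",
    "2017-07-25T02:00:05|4625|10|administrator|203.0.113.7",
    "2017-07-25T02:00:06|4625|10|backup|203.0.113.7",
    "2017-07-25T02:00:08|4625|10|administrator|203.0.113.7",
    "2017-07-25T02:00:12|4624|10|administrator|203.0.113.7",
    "2017-07-25T02:01:00|4625|10|bob|198.51.100.4",
    "2017-07-25T02:10:00|4624|2|alice|-",
]

if __name__ == "__main__":
    for alert in rdp_bruteforce_alerts(SAMPLE_LOG):
        print(alert)
```

The 'success_after_failures' alert is the one worth paging on: a logon that lands right after a burst of failures from the same address is the pattern that precedes a hands-on intrusion of the kind described above. Tuning `threshold` and `window` to the environment keeps noisy but benign sources (a user mistyping a password a few times) below the alerting line.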

