The Matrix ransomware was first detected in 2016, since when it has expanded its sphere of influence to dangerous proportions through a series of mutations and updates.
The Matrix ransomware uses an RIG toolkit to take possession of as many PCs as it can. RDP enabled computers that run on Windows are particularly vulnerable.
Cybercriminals are using the Matrix ransomware to break into corporate networks. A feature that distinguishes Matrix from other ransomwares such as BitPaymer, SamSam and Dharma is that the Matrix ransomware needs to infect only one system and doesn’t have to traverse the entire corporate network.
The good news is that the Matrix ransomware does have a fair share of flaws, including a lack of operational security that can be exploited.
Ransom demands are embedded in the code. Victims never get to know how much they are liable to pay until they get in touch with the network infiltrator. Payments are demanded in cryptocurrencies.
This is a rapidly mutating security hazard with the potential to severely compromise enterprise systems.
Preventive Measures
- Avoid enabling RDP based communication unless unavoidable
- Carry out frequent vulnerability scans and penetration tests
- Enforce multi-factor authentication
- Take regular backups, both offline as well as at remote locations