Matrix rises again: uses malvertising and Rig Exploit kit for distribution


Matrix crypto-malware was one of the viruses that security researchers did not take seriously at first because of its low distribution rates. However, in April of 2017, a researcher from Palo Alto Networks Unit discovered a solid campaign spreading none other than Matrix ransomware.

Some background information about Matrix virus

Then, security specialists had no other choice but to investigate this threat more closely than before, paying attention to the possibility of it “going big”. In April, the infection was transmitted with the help of the RIG exploit kit, and this is the feature that really put the infection on the map for some researchers.


Long story short, EITest scripts were incorporated into a number of compromised websites, and these scripts brought in the RIG exploit kit, which was assigned to distribute Matrix ransomware. What has changed to make us return to the threat of Matrix and reevaluate its position among cyber threats? Read on to find out.

The current version of Matrix ransomware uses legal language to scare its victims into paying the demanded ransom. Infected people are accused of violating federal laws of the United States of America. The ransomware insists that victims’ IP addresses have been caught accessing websites containing pornography, child pornography, zoophilia and child abuse. If intimidated victims do not pay the ransom within 96 hours, the hackers promise that they will never be able to recover their files. For a more thorough investigation of this infection, read our article about Matrix crypto-virus.

Recent events: Matrix crypto-malware distributed via RIG Exploit kit and malicious ads

Now, at the end of October of 2017, a researcher by the name of Jérôme Segura (working for Malwarebytes) warned the world about the return of Matrix ransomware. It has selected a slightly different method for distribution: malvertising. Basically, this term refers to online advertisements that are tainted with malicious code. This specific malvertising campaign is described as taking advantage of vulnerabilities in Internet Explorer and Adobe Flash Player.

Once the infection slithers inside and manages to encode the selected digital data, it adds a hefty extension to those files: .pyongyan001@yahoo.com. In addition to this, none of the encrypted executables will keep their former titles: the ransomware replaces them as well. It appears that October is one of the most active months for crypto-malware.
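A triage sketch for the file-extension indicator described above, added here as an example and not taken from the original article or from any researcher's tooling. It counts files carrying the `.pyongyan001@yahoo.com` extension per directory and reports the earliest and latest modification times; treating those times as the encryption window is an assumption, and the sample file names and dates are constructed.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

MATRIX_EXT = ".pyongyan001@yahoo.com"  # extension named in the article

def find_encrypted(root, ext=MATRIX_EXT):
    """Return (path, mtime) for every file under root whose name ends in ext."""
    hits, ext = [], ext.lower()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(ext):  # case-insensitive match
                path = os.path.join(dirpath, name)
                try:
                    hits.append((path, os.stat(path).st_mtime))
                except OSError:
                    continue  # unreadable or removed mid-scan
    return hits

def summarize(hits, root):
    """Count hits per directory and bound the modification window (UTC)."""
    iso = lambda t: datetime.fromtimestamp(t, timezone.utc).isoformat()
    by_dir = Counter(os.path.relpath(os.path.dirname(p), root) for p, _ in hits)
    times = [t for _, t in hits]
    return {
        "total": len(hits),
        "by_dir": dict(by_dir),
        "first": iso(min(times)) if times else None,
        "last": iso(max(times)) if times else None,
    }

def demo():
    """Scan a constructed sample tree (file names and times are made up)."""
    utc = timezone.utc
    sample = {  # relative path -> constructed modification time
        "docs/k3Xq9.pyongyan001@yahoo.com": datetime(2017, 10, 27, 12, 0, tzinfo=utc),
        "docs/Zp01a.PYONGYAN001@YAHOO.COM": datetime(2017, 10, 27, 12, 5, tzinfo=utc),
        "pics/Qw7Lm.pyongyan001@yahoo.com": datetime(2017, 10, 27, 12, 9, tzinfo=utc),
        "docs/untouched.txt": datetime(2017, 10, 1, 8, 0, tzinfo=utc),
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, when in sample.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
            os.utime(path, (when.timestamp(), when.timestamp()))
        return summarize(find_encrypted(root), root)

if __name__ == "__main__":
    print(demo())
```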

Just last week the world trembled before the dirty paws of Bad Rabbit, and now the Matrix virus has decided to play a bigger role than ever before. Up until the discovery of Matrix’s new campaign for transmission, the ransomware was believed to have left the playground for good. However, it is evident that this assumption was made much too soon.

Updates available for Adobe Flash Player and Internet Explorer: hurry up to update them!

Soon after the Matrix infection showed its claws, Flash Player and IE received updates patching the vulnerabilities that allowed the RIG exploit kit to install the ransomware on operating systems. However, you can never predict which software or device will turn out to have significant vulnerabilities. All you can do is back up your digital files in case of an emergency. If you do not want to suffer the consequences, make the right choice and upload important digital data to secure storage.

Source: securityaffairs.co.

 

About the author

 - Main Editor

I started 2-viruses.com in 2007 after wanting to be more or less independent from a single security program maker. Since then, we have kept working on this site to make the internet a better and safer place to use.
