1 Reply Latest reply on Mar 30, 2017 3:56 AM by phoffmann

    .Matrix Cryptolocker virus - anyone else seen it yet?

    giannottin Rookie

      We got hit with it today, bypassed Kaspersky and it's sneaking past Malwarebytes as well. Anyone else seeing any activity with this? FYI as follows if anyone is interested:

      Drops in and creates a number of files in the %appdata%Roaming directory with random names like yv48XIIeis2i, etc. In there, it creates a number of batch files with 8-character random names. Those batch files all point to deleting random executables in the same directory.

      End result of the executables is to rename all the compromised files as *.MATRIX - it also drops the Ransom note in the %appdata%Roaming folder, as Readme-Matrix.rtf

      Curious as to whether or not anyone else has seen this and if Kaspersky picked it up for you. It appears to be a new variant on the old Cryptolocker scheme, so I'm not sure how prevalent it is in the wild.

      Cheers,

      - n
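
A triage sketch for the artifacts described in the post above, added here as an example and not part of the original thread or any vendor tooling. It walks a folder and reports the ransom note, files renamed to *.MATRIX, and batch files with 8-character names that delete an executable. The function names, the regular expressions and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# From the post; assumption: "8-character random names" = 8 letters/digits + ".bat".
RANSOM_NOTE = "readme-matrix.rtf"
RENAMED_SUFFIX = ".matrix"
BATCH_NAME = re.compile(r"^[a-z0-9]{8}\.bat$", re.IGNORECASE)
# A batch line that deletes an executable (cmd.exe "del" or "erase").
DELETES_EXE = re.compile(r"^\s*@?(?:del|erase)\b[^\r\n]*\.exe\b", re.I | re.M)

def batch_deletes_exe(path, limit=65536):
    """True if the first `limit` bytes of the batch file delete an .exe."""
    try:
        with open(path, "rb") as fh:
            text = fh.read(limit).decode("latin-1")
    except OSError:
        return False  # unreadable or locked file: nothing to judge
    return bool(DELETES_EXE.search(text))

def scan(root):
    """Walk `root` and return the paths that match each artifact class."""
    hits = {"ransom_notes": [], "renamed_files": [], "cleanup_batches": []}
    for folder, _dirs, files in os.walk(root):  # unreadable folders are skipped
        for name in files:
            path, lower = os.path.join(folder, name), name.lower()
            if lower == RANSOM_NOTE:
                hits["ransom_notes"].append(path)
            elif lower.endswith(RENAMED_SUFFIX):
                hits["renamed_files"].append(path)
            elif BATCH_NAME.match(name) and batch_deletes_exe(path):
                hits["cleanup_batches"].append(path)
    return hits

def build_sample_tree():
    """Constructed sample data laid out as the post describes; returns its root."""
    root = tempfile.mkdtemp(prefix="matrix_demo_")
    os.makedirs(os.path.join(root, "yv48XIIeis2i"))
    samples = {"Readme-Matrix.rtf": "note", "report.docx.MATRIX": "x",
               "yv48XIIeis2i/aB3dE9xZ.bat": "@echo off\r\ndel /f /q kq81zz0p.exe\r\n",
               "setupenv.bat": "@echo off\r\necho hello\r\n"}
    for rel, body in samples.items():
        with open(os.path.join(root, rel), "w", newline="") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    print(scan(build_sample_tree()))
```

On a real host, point `scan()` at the user's roaming profile folder instead of the sample tree; a batch file is only reported when both its name and its content match, so an ordinary 8-character script such as the sample `setupenv.bat` is not flagged.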

        • 1. Re: .Matrix Cryptolocker virus - anyone else seen it yet?
          phoffmann SupportEmployee

          I've not come across it (across any of my accounts yet) ... always loathe to see those things springing up.

          I'm "hoping" that this was a weak moment from a careless person on your side to introduce it onto their device, rather than a targeted affair (could be spear phishing?).

          Thanks for the heads up at any rate. Always "fun" to see this nonsense growing yet another head.