We got hit with it today; it bypassed Kaspersky and it's sneaking past Malwarebytes as well. Anyone else seeing any activity with this? FYI as follows if anyone is interested:
Drops in and creates a number of files in the %appdata%Roaming directory with random names like yv48XIIeis2i, etc. In there, it creates a number of batch files with 8-character random names. Those batch files all point to deleting random executables in the same directory.
End result of the executables is to rename all the compromised files as *.MATRIX - it also drops the ransom note in the %appdata%Roaming folder, as Readme-Matrix.rtf.
Curious as to whether or not anyone else has seen this and if Kaspersky picked it up for you. It appears to be a new variant on the old Cryptolocker scheme, so I'm not sure how prevalent it is in the wild.
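A triage sketch built only from the indicators described in the post above (added here as an example, not part of the original post or any vendor's tooling): it walks a directory tree and reports the ransom note, files renamed to `*.MATRIX`, and directories holding several 8-character batch files. The alphanumeric name pattern, the two-file threshold, and all sample file names except the quoted directory name are assumptions made for the example.

```python
import os
import re
import tempfile

# Indicators from the post. Treating the 8-character batch names as
# alphanumeric, and requiring 2+ per directory, are assumptions.
BATCH_RE = re.compile(r"^[A-Za-z0-9]{8}\.bat$", re.IGNORECASE)
MIN_BATCH_FILES = 2

def scan_for_matrix(root):
    """Return a sorted list of (indicator, path relative to root)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            if name.lower() == "readme-matrix.rtf":
                findings.append(("ransom_note", rel))
            elif name.lower().endswith(".matrix"):
                findings.append(("renamed_file", rel))
        # "A number of batch files" with random 8-character names in one folder
        batch = [f for f in files if BATCH_RE.match(f)]
        if len(batch) >= MIN_BATCH_FILES:
            findings.append(("dropper_dir", os.path.relpath(dirpath, root)))
    return sorted(findings)

def build_constructed_sample(root):
    """Create a constructed (empty-file) tree mimicking the described layout."""
    drop = os.path.join(root, "yv48XIIeis2i")  # directory name quoted in the post
    docs = os.path.join(root, "Documents")
    os.makedirs(drop)
    os.makedirs(docs)
    for name in ("a1B2c3D4.bat", "Zx9Yw8Vu.bat", "q7r8s9t0.exe"):
        open(os.path.join(drop, name), "w").close()
    for name in ("budget.xlsx.MATRIX", "notes.txt"):
        open(os.path.join(docs, name), "w").close()
    open(os.path.join(root, "Readme-Matrix.rtf"), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        for indicator, path in scan_for_matrix(tmp):
            print(f"{indicator:13} {path}")
```

On a live host, point `scan_for_matrix` at the user's roaming profile and document folders; a `dropper_dir` hit without a ransom note or renamed files is only a lead for manual review.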