Security researcher Jérôme Segura of Malwarebytes has found that Matrix Ransomware has resurfaced and is now being distributed through the RIG exploit kit.
Matrix Ransomware was first spotted in 2016 by Palo Alto Networks researchers; since then, the malware had slowly faded until now.
The Matrix Ransomware exploits vulnerabilities in Internet Explorer (CVE-2016-0189) and Flash (CVE-2015-8651). To become infected, a user only needs to visit a website that includes malvertisements while using a vulnerable machine.
When a machine is infected with the latest version of the Matrix Ransomware, the malware will encrypt all the files on the user’s computer, change the file names, and add the .pyongyan001@yahoo.com extension to the file name.
The ransomware then leaves ransom notes named “#_#WhatWrongWithMyFiles#_#.rtf” alongside the encrypted files. Finally, it presents a ransom screen that explains what has happened to the files.
Users are advised to install all available security updates for their installed programs and operating system to stay protected.
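For triage on a suspect machine or file share, the file extension and ransom note name described above can be searched for directly. The following is an added example, not code from Malwarebytes or the original article; the function names and the sample file tree are constructed for illustration.

```python
import os
import tempfile

# Indicators quoted in the article above.
ENCRYPTED_SUFFIX = ".pyongyan001@yahoo.com"
RANSOM_NOTE = "#_#WhatWrongWithMyFiles#_#.rtf"


def scan_tree(root):
    """Return {directory: info} for each directory under root holding an indicator.

    info = {"note": bool, "encrypted": [file names], "earliest_mtime": float or None}
    """
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lowered = name.lower()  # Windows file names are case-insensitive
            is_note = lowered == RANSOM_NOTE.lower()
            if not is_note and not lowered.endswith(ENCRYPTED_SUFFIX):
                continue
            info = hits.setdefault(
                dirpath, {"note": False, "encrypted": [], "earliest_mtime": None})
            if is_note:
                info["note"] = True
                continue
            info["encrypted"].append(name)
            # Earliest modification time is a rough estimate of when encryption began.
            mtime = os.path.getmtime(os.path.join(dirpath, name))
            if info["earliest_mtime"] is None or mtime < info["earliest_mtime"]:
                info["earliest_mtime"] = mtime
    return hits


def demo():
    """Scan a constructed sample tree; results are keyed by path relative to its root."""
    sample = ("docs/report.docx" + ENCRYPTED_SUFFIX, "docs/" + RANSOM_NOTE,
              "pics/a.jpg" + ENCRYPTED_SUFFIX.upper(), "clean/notes.txt")
    with tempfile.TemporaryDirectory() as root:
        for rel in sample:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return {os.path.relpath(d, root): i for d, i in scan_tree(root).items()}


if __name__ == "__main__":
    for directory, info in sorted(demo().items()):
        print(directory, "note" if info["note"] else "no note", info["encrypted"])
```

Directories that contain encrypted files but no ransom note, or the reverse, are worth a closer look, since they may indicate an interrupted run or partial cleanup.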