A new report from SophosLabs released today details a new form of ransomware that has been flying under the radar until now.
Dubbed Matrix, the ransomware is unique in that it targets a single machine rather than spreading through an organization like other forms of ransomware. The attackers also force the victim to message them directly to show proof of encryption before they disclose the ransom amount.
Matrix also differs in the way it is distributed. Whereas most prominent ransomware attacks involve widespread phishing campaigns, those behind Matrix in most cases gain access to a victim’s personal computer by performing an active brute-force attack against the passwords for Windows machines. They get in through a firewall that has the Remote Desktop Protocol enabled.
The researchers noted that though the attack is less sophisticated than others, Matrix comes equipped with a “Swiss Army knife” of malware that helps it carry out its attack.
“While the malware has been under continuous development and improvement while we have been monitoring it, the authors or operators of this malware do not appear to behave as professionally as, by comparison, the SamSam gang,” the report explained. “They have made frequent mistakes along the way, some of which have been corrected, and other features implemented then abandoned. They do not always employ adequate operational security, which might be the cause of their eventual undoing.”
Attacks using Matrix have been detected globally, with 28 percent of detections coming from the U.S. Hinting at its country of origin, later versions of the ransomware prevent it from fully executing if the victim’s machine uses Russian and eastern European languages.
“While it is not in wide distribution, Matrix appears to herald a future in which small, bespoke ransomware gangs engage in moderate-return targeted attacks simply because the low-hanging fruit exists,” the researchers concluded.
Photo: Marcin Wichary/Wikimedia Commons