Home » Uncategorized » Matrix Deconstructed: the trend for targeted ransomware continues

Matrix Deconstructed: the trend for targeted ransomware continues



Sophos released a report that delves into Matrix ransomware

Primary means of access is through firewalls that have the Remote Desktop Protocol enabled

 As highlighted in Sophos’ 2019 Threat report, targeted ransomware attacks are gaining in prominence

Sophos, a global leader in network and endpoint security, today released a new report about a ransomware family called Matrix. The malware has been operating since 2016 and Sophos has tracked 96 samples in the wild.

Like previous targeted ransomware, including BitPaymer, Dharma and SamSam, the attackers who are infecting computers with Matrix have been breaking in to enterprise networks and infecting those computers over Remote Desktop Protocol (RDP), a built-in remote access tool for Windows computers.

However, unlike these other ransomware families, Matrix only targets a single machine on the network, rather than spreading widely through an organization.  

In its latest paper, SophosLabs reverse engineered the evolving code and techniques employed by the attackers, as well as the methods and ransom notes used to attempt to extract money from victims.

The Matrix criminals evolved their attack parameters over time, with new files and scripts added to deploy different tasks and payloads onto the network.

Matrix ransom notes are embedded in the attack code, but victims don’t know how much they must pay until they contact the attackers. For most of Matrix’s existence, the authors used a cryptographically-protected anonymous instant messaging service, called bitmsg.me, but that service has now been discontinued and the authors have reverted to using normal email accounts.

SophosLabs 2019 Threats Report

The threat actors behind Matrix make their demand for cryptocurrency ransom in the form of a U.S. dollar value equivalent. This is unusual as demands for cryptocurrency normally come as a specific value in cryptocurrency, not the dollar equivalent.

READ ALSO  The truth about Valentine celebrations

It’s unclear whether the ransom demand is a deliberate attempt at misdirection, or just an attempt to surf wildly fluctuating cryptocurrency exchange rates.

Based on the communications SophosLabs had with the attackers, ransom demands were for US$2,500, but the attackers eventually reduced the ransom when researchers stopped responding to demands.

Matrix is very much the Swiss Army Knife of the ransomware world, with newer variants able to scan and find potential computer victims once inserted into the network.

While sample volumes are small, that doesn’t make it any less dangerous; Matrix is evolving and newer versions are appearing as the attacker are improving on lessons learned from each attack.

In  Sophos’ 2019 Threat Report the team highlighted that targeted ransomware will be driving hacker behavior, and organizations need to remain vigilant and work to ensure they are not an easy target.

Sophos recommends implementing the following four security measures immediately:

·         Restrict access to remote control applications such as Remote Desktop (RDP) and VNC

·         Complete, regular vulnerability scans and penetration tests across the network; if you haven’t followed through on recent pen-testing reports, do it now. If you don’t heed the advice of your pentesters, the cybercriminals will win

·         Multi-factor authentication for sensitive internal systems, even for employees on the LAN or VPN

·         Create back-ups that are offline and offsite, and develop a disaster recovery plan that covers the restoration of data and systems for whole organizations, all at once

For additional information and fact checking, please refer to Matrix: A Low-Key Targeted Ransomware report by Sophos.

READ ALSO  Why Prosperity should be democratised - Tony Elumelu

Share This:

Leave a Reply

Your email address will not be published. Required fields are marked *



Check Also

This Dragon on British Royal flag …

The coffin of late Queen Elizabeth ...

5G: Ericsson, Google demonstrate multiple network slices on single device

IT News Nigeria: Ericsson and Google ...


Beyond MTN 5G launch headlines

Beyond the excitement of 5G launch ...

Opinion: Managing Rising Inflation in Nigeria

By: Emmanuel Otori No doubts, inflation ...


Nigeria ends award of Higher Diploma Certificates

Government says “There will be no ...

%d bloggers like this:
Skip to toolbar