Matrix-NEWRAR Ransomware

Are you familiar with ransomware? If you are not, we can introduce you to a perfect example – Matrix-NEWRAR Ransomware. This infection is stealthy, clandestine, and quick, and if you let it in – and victims of this malware are usually tricked into doing that themselves – your precious personal files can be corrupted in a very aggressive manner. Unfortunately, there isn’t anything you can do to decrypt your files because that is simply impossible. The creator of the infection might try to convince you that you need to pay a ransom in return for a unique decryption key that, allegedly, would help, but you must know already that cyber criminals cannot be trusted. Hopefully, you can restore your files from backup, but if you rely on your system’s backup, you might be disappointed because the infection deletes shadow volume copies using a silent command. You can learn all about this and more if you continue reading this report. Our greatest focus, of course, is on removing Matrix-NEWRAR Ransomware, and we discuss two different methods that you could apply to eliminate this infection.

Matrix-NEWRAR Ransomware is a new variant of the infamous Matrix Ransomware, also known as Matrix9643@yahoo.com Ransomware. The infection could use several different channels of distribution, but it is most likely to employ spam emails. The attachment sent along this email could look completely harmless, and if the message inside tricks you into opening it, the infection can be launched without your notice. Once executed, it immediately looks for a local IP address that has file sharing enabled via LAN. If Matrix-NEWRAR Ransomware connects successfully, it infects the system on the network, and the encryption of files begins shortly after that. As the files get encrypted, a unique extension is appended to their names. It is “[newrar@tuta.io].[8 random characters]-[8 random characters].NEWRAR,” and the characters are unique in every case. Of course, an extension like that cannot be missed. This is not the only indication that files were encrypted and that you need to delete a malicious ransomware infection. The threat also creates a “[8 random characters].bmp” file in %APPDATA% to deliver a message via your Desktop wallpaper. You can remove this file without much trouble.

The devious Matrix-NEWRAR Ransomware also creates a file named “#NEWRAR_README#.rtf,” which is dropped to every folder that contains corrupted personal files. This file represents the ransom note, and it is very long and very detailed. The message informs that your system was infected due to server security issues, and then it reassures that files can be restored, which, most likely, is a total scam. It is suggested that you can obtain a decryption key – which, allegedly, is deleted after 7 days – and to do that you are pushed to email a unique ID number (in the message) to newrar@tuta.io and newrar@cock.lu. Cyber criminals behind the infection want to make sure that communication is successful, and so they also offer an alternative method using BitMessage (BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm). We do not recommend communicating with cyber criminals via any channels because all they want is your money, and they will do anything to convince you that it is your only option. Unfortunately, you are likely to pay the ransom only to find out that the decryptor does not exist or does not work. This is why we suggest focusing on the removal of Matrix-NEWRAR Ransomware.

You know where the BMP file created by the ransomware is. You also can find the RTF file and all of its copies. These components must be removed, but, of course, you need to focus on finding the .exe file of this ransomware. This is the launcher and the main component responsible for the entire mess. While the infection might be completely done by the time you come around to removing it, you still want to erase it. If you cannot delete Matrix-NEWRAR Ransomware manually, you can install a legitimate anti-malware program, and it will find and erase it automatically. This is, without a doubt, the best option you have because the program can eliminate other threats that might exist, and it also can establish full protection against malware in the future. And what about files? Hopefully, you have backups, and if you do not want to lose files in the future, we suggest backing them up.

Matrix-NEWRAR Ransomware Removal

1. Delete the malicious launcher file. If you cannot find it yourself, use an anti-malware program.
2. Delete the ransom note file called #NEWRAR_README#.rtf (copies exist in all affected folders).
3. Tap Win+E to launch Windobws Explorer and type %APPDATA% into the field at the top.
4. Tap Enter to access the directory and then Delete the [8 random characters].bmp file.
5. Empty Recycle Bin to eliminate all of these components completely.
6. Install a trusted malware scanner and run a full system scan to see if your system is clean.