Matrix-THDA Ransomware

Matrix-THDA Ransomware shares similarities with our previously researched versions of Matrix Ransomware family, for example, Matrix-NOBAD Ransomware. This malicious application also encrypts user’s files same as the previous variants, but it renames and marks them with a new extension called .THDA. As you continue reading our article, we will provide examples of how the malware may rename victims’ files as well as tell you more details about the infection like where it could come from or how it works. Another thing we would like to mention from the start is the threat leaves a ransom note that suggests victims can purchase decryption tools to recover their files from the hackers, who created the malicious application. We do not recommend dealing with these people as there are no guarantees they will keep up to their promises. Therefore, if you slide below the article, you will find our prepared Matrix-THDA Ransomware removal instructions.

For starters, we will discuss how Matrix-THDA Ransomware could enter the system. Unfortunately, it is most likely the malware manages to get in with the victim’s help, although the user might not realize it. As you see, the threat could be spread with malicious email attachments, software installers, advertisements, and so on. Meaning, for it to settle in the user would need to download and launch the infected file. To avoid such mistakes, our researchers recommend scanning files obtained from untrustworthy sources with a reliable antimalware tool first. Of course, it would be even safer not to download suspicious data at all, which means users should not visit untrustworthy file-sharing web pages, ignore suspicious Spam emails, and so on. Naturally, how necessary it is for you to take extra precautions, depends on what data you store on the computer, and whether you wish to keep your system safe. In case, you have precious files you would not like to lose, we recommend being careful. Also, do not forget to backup most important data so you could restore it in case of an emergency.

Once launched, Matrix-THDA Ransomware should start encrypting user’s data with robust encryption algorithms that according to the hackers, are AES-128 and RSA-2048. After the files are affected, they should get new titles and a specific extension mentioned earlier in the article. For example, if you had a file called sunflowers.jpg, the encryption could turn it into [FilesBack@qq.com].007JMrKN-xLr9aLam.THDA or something similar and such changes should be visible on all encrypted data. Right after making user’s files unreadable, the malicious application should show a ransom note. It is available if you open a text document called !README_THDA!.rtf. The message inside starts with: ATENTION!!! We are realy sorry to inform you that ALL YOUR FILES WERE ENCRYPTED.” Then the text explains how to contact the hackers so the malware’s victims could come to an agreement with them. We are almost entirely sure, Matrix-THDA Ransomware’s developers would ask for Bitcoins in exchange for the promised decryption tools. The problem is you cannot know whether the hackers will honor this agreement as they can take the money you send without delivering the needed decryption tools to you.

All in all, we do not think it would be wise to deal with the hackers, especially if you do not want to risk your money or if you have backup copies that can be used to restore encrypted files. Thus, to those who do not wish to comply with the terms set by the Matrix-THDA Ransomware’s developers, we would advise deleting the malicious application. One way to erase it from the computer is to locate data associated with it and get rid of it manually. However, if you want to be sure it gets removed and you do not have much experience in eliminating such threats, it might be easier to employ a reliable antimalware tool. Simply perform a full system scan with it and then click the deletion button provided after the scan.

Erase Matrix-THDA Ransomware

1. Tap Ctrl+Alt+Delete.
2. Launch Task Manager.
3. Look for the malware’s process.
4. Select the process and press End Task.
5. Leave the Task Manager.
6. Click Win+E.
7. Find these locations:
   %TEMP%
   %USERPROFILE%\desktop
   %USERPROFILE%\downloads
8. Look for the threat’s installer, then right-click it and press Delete.
9. Locate files called !README_THDA!.rtf, right-click them and press Delete.
10. Exit File Explorer.
11. Empty Recycle bin.
12. Restart the system.