- Slow Computer
- System crashes
- Normal system programs crash immediatelly
- Connects to the internet without permission
- Installs itself without permissions
- Can't be uninstalled via Control Panel
Matrix-EMAN Ransomware is a dangerous computer infection that might destroy your files for good. This is a ransomware infection that can encrypt your files, and you will have to scramble looking for ways to get your files back. Please note that this program will ask you to pay the ransom fee, but paying is NEVER an option. You have to remove Matrix-EMAN Ransomware from your system first and foremost.
Ransomware infections are really dangerous and frustrating because it is often impossible to properly mitigate the damage. However, by removing the program in question and not paying the ransom, you help us fight this global endemic.
Matrix-EMAN Ransomware is not a stand-alone infection. From what we can tell, it is another version of the previously released Matrix Ransomware. Thus, we can assume that both infections behave in a similar way, although, sadly, it is not possible to employ the same decryption key across both infections. Our research team also says that Matrix-EMAN Ransomware shares some similarities with the previously detected Matrix-Newrar Ransomware. Therefore, we can assume that this is not the end, and we will probably see more programs from the same group attacking innocent users in the future.
Our research team also says that Matrix-EMAN Ransomware spreads in the usual ways. It means that this program usually reaches its victims via spam email attachments and unsafe Remote Desktop Protocol connections. In other words, the users on the target system encounter some sort of a file that happens to be the ransomware installer, and they open that file.
Now, why would they ever do that? Who would ever install ransomware willingly? Of course, no one is that silly. The problem here is that users are seldom aware of the potential threat. Spam emails that carry ransomware installers are often very sophisticated, and they look like legitimate messages from reliable senders. For instance, you might receive a notification from a bank, saying that you have to check the latest financial report (attached), and if the message comes with a sense of urgency, the unsuspecting user might easily open the file without any second thought.
The same goes for unsafe RDP connections. You might receive a message from someone that you know, or it could be a direct attack, saying that you have to download and open some file. If you use RDP at work very often, you might not stop before you open a certain file. This is actually very dangerous, especially if your work computer is connected to the entire network. By infected your computer with Matrix-EMAN Ransomware, you might as well infect the entire corporate system with it.
When Matrix-EMAN Ransomware enters the target system the program checks for all the available local drives. It means that it might also damage USB drives if it finds any plugged in. The program can also connect to the Internet via 220.127.116.11:80 and upload user data to its command and control server. Our research has found that it shares the computer’s name and the username with its creators.
To make sure that you cannot get your files back in some miraculous way, Matrix-EMAN Ransomware also deletes the Shadow volume copies (if they were enabled), and then it encrypts your files. Once the encryption is complete, the program opens the ransom note that says the following:
The message lists at least several ways to contact the criminals because, as they put it, “the message may not reach their intended recipient for a variety of reasons.” It means that the program’s server connection is shaky, and even if you were to pay the ransom, it might not be able to issue the decryption key in the first place.
Luckily, Matrix-EMAN Ransomware does not create a point of execution, so it is a lot easier to remove this program. When you remove it from your computer, be sure to check whether the public decryption tool is available. At the time of the research, it wasn’t, but things could have changed.
Of course, if you have a file backup, you do not need to worry about the decryption tool. Simply transfer the healthy copies into your drive and delete the encrypted files. Also, do everything you can to avoid similar infections in the future.
How to Remove Matrix-EMAN Ransomware