Severity scale:  

Remove Matrix ransomware (Virus Removal Instructions) - updated Jan 2019

removal by Lucia Danes - - | Type: Ransomware

Matrix ransomware is a data locker that has been encrypting users' files since late 2016

The screenshot of Matrix malwareMatrix is a ransomware which was first discovered in 2016.

Questions about Matrix ransomware

Matrix ransomware[1] is a crypto malware that was first designed as a screen locker accusing users of illegal activities (such as viewing child pornography or downloading copyrighted material). While the virus did not modify personal data on the computer at the beginning of its functionality, hackers behind Matrix eventually decided to add more functions. At the moment, malware is operating as fully-functional ransomware: it uses a combination of AES and RSA encryption algorithms to lock up data and modifies its structure by adding numerous extensions. The first variant used either .Matrix or .MATRIX!!! extensions and also dropped the MATRIX-Readme.rtf ransom note written in the Russian and English languages. However, at the moment there are almost twenty different versions of Matrix virus appending .FOX, .KOK08, .EMAN, .GMAN, .RELOCK, .FASTA, .GMBN, .ITLOCK and, most recently, .PEDANT extension.

Name Matrix
Malware type Ransomware
Distribution Hacker Remote Desktop Service, spam
Encryption method AES-128 and RSA-2048
Versions TheMatrixHasYou, 2017 Matrix version, [] file extension virus, [] virus, [].-.CORE virus, Matrix, KOK08, NEWRAR, FASTBOB, ITLOCK, EMAN, NOBAD, GMAN, RELOCK, FOX, GMPF, FASTA, SPCT, GRHAN, GMBN, PEDANT and other versions.
Ransom note

matrix-readme.rtf, !ReadMe_To_Decrypt_Files!.rtf, #What_Wrong_With_Files#.rtf, #CORE_README#.rtf, #FOX_README#.rtf; #KOK08_README#.rtf; #_#FASTBOB_README#_#.rtf, !ITLOCK_README!.rtf, #README_EMAN#.rtf, !README_GRHAN!.rtf, !README_GMBN!.rtf, !PEDANT_INFO!.rtf and other filenames

Danger level High. Encrypts personal files, initiates malicious system's changes
Decryptable No
Download Reimage Reimage Cleaner Intego and run a full system scan to get rid of MaLicious files

According to the research, Matrix ransomware is still active in 2019, and it seems like hackers will not stop the releases of new versions. It has been receiving updates to avoid detection and to affect more victims. At the moment, extensions used by the malware include the following strings but are not limited to the following:

  • .[];
  • .[];
  • .[].-.CORE;
  • .FOX;
  • [].-.KOK8;
  • .KOK08;
  • .ITLOCK;
  • .EMAN;
  • .NOBAD;
  • .GMAN;
  • .GMPF;
  • .FASTA;
  • .SPCT;
  • .GRHAN;
  • .GMBN;

Few versions of this malware are not changing files' names and only drop #What_Wrong_With_Files#.rtf, #CORE_README#.rtf, #README_FASTA#.rtf, and other ransom notes on every folder to inform the victim about the attack and its outcomes. 

In the beginning, the virus was relying on the ransom message called matrix-readme.rtf. However, together with numerous versions presented, virus developers are dropping new ransom notes on the system asking to use the following email addresses to contact scammers: 

  • TRU888@QQ.COM

As soon as such malware compromises a computer, it scans for important data and encodes them with AES and RSA ciphers to make them inaccessible. After that, it marks them with .matrix, [], [] or no extension.

The malware has been spreading via hacked Remove Desktop Services (RDS) brute forcing the password. Nonetheless, it can also be dispersed in spam email attachments and fake updates. Since the developers have started employing RIG exploit kit to boost distribution of this ransomware, there is a great danger of getting this threat. It is targeting English-speaking countries, Russia, Spain, Poland, Italy and many other countries from all around the world.

Please, do NOT follow these commands! You should take care of Matrix ransomware removal right after finding encrypted files on your computer. Additionally, use data recovery options that we provided at the end of this post to recover your encrypted data.

If you’re looking for Matrix decryption tool, you should know that currently there is none. It is extremely hard to decrypt files without knowing the decryption key, and that is why ransomware developers have put every effort to hide it from the computer user. Typically, they keep the decryption key in the hidden servers, so the first step after finding out that the system is infected is very simple: remove Matrix virus to make sure that there are as little encrypted files as possible. 

Matrix version 2Matrix ransomware is a file-encrypting virus which uses different file extensions depending on the version.

After staying still, the virus came back in October 2017

On October 2017, Matrix ransomware made its first comeback[2]. The authors continue relying on RIG exploit kit. There are no crucial changes except a couple of new email addresses. One of them refers to North Korea's capital Pyongyang.

The fact that the malware is placed in .saz folder suggests it may be distributed via email attachments.  Fortunately, the latest version is already detectable (TR/Crypt.Xpack.vdzpt, Trojan.Ransom.Matrix, etc.) by security tools. The virus may hide in 1q0NOiyA.exe or alternative executable file.

Another variant can be recognized by the file extension []. In comparison to the previous version, this one is a bit more elaborate in terms of debugging messages and cipher command. Its ransom note is named as #Decrypt_Files_ReadMe#.rtf. The victim is asked to send a unique identification number via one of the following email addresses: 


Matrix ransomware debugging messagesMatrix ransomware is still active in 2018 and receives updates.

It would be unwise to remit the payment as there are no guarantees that the developers will play fair and return them. There have also been doubts about their decrypter and if it is functioning properly. If it is a program, it may contribute to future crypto-malware hijack. Therefore, remove Matrix ransomware virus in a hurry. You can use anti-malware tools, such as Reimage Reimage Cleaner Intego or Malwarebytes, for the ransomware elimination.

We suggest you create a backup of encrypted data, and keep it safely until someone releases a free decryption tool – if you have heard about TeslaCrypt[3] or PrincessLocker[4] cases, you probably understand that it is possible to decrypt files once they're encrypted; however, malware reversers need to spend a lot of time to create malware decryptors, so please be patient! 

The list of Matrix ransomware versions 

FASTA ransomware

FASTA ransomware is a Matrix ransomware version discovered on November 14th, 2018. Also known as ransomware, this particular cryptovirus is a slightly altered version of the Matrix ransomware. Developers still rely on spam email attachments with infected MS documents as the main virus distribution technique because it allows hackers to spread their malicious product all over the world.

This version also uses a difficult pattern for the file extension, .[FASTBK@QQ.COM].users' ID.FASTA file marker gets at the end of every encrypted file. When all targeted data gets locked virus places a ransom note in a form of #README_FASTA#.rtf. In this file, developers generated a ransom message which directs users to contact hackers via to get their decryption keys. However, this is not recommended, especially when it comes to notorious ransomware like Matrix. Paying the ransom or even contacting these hackers may lead to more severe damage or permanent data loss.

GMPF ransomware

GMPF ransomware is the product of the notorious crypto-extortionist team that was released at the end of October 2018. At the moment of writing, it is the latest version of Matrix ransomware, so there is no surprise that there is very little information known. However, it is known that encrypted files receive the following appendix: [].user ID (random letters and numbers).GMPF and that their encryption is performed by using AES-128 + RSA-2048 encryption algorithms.

Based on the pattern the ransom note developed after the file-locking should be placed on the system if a form of TXT or RTA file. The ransomware attack starts with a full system scan but not with the encryption itself. Cryptovirus first checks if the system was encrypted before and makes additional changes to system files and folders to make the threat more persistent. It is the reason that before scanning the system with Reimage Reimage Cleaner Intego you may need to enter the Safe Mode with Networking. 

EMAN ransomware

EMAN ransomware is a cryptovirus that was spotted during the first weeks of October 2018. This is the variant that uses AES-128 and RSA-2048 encryption methods to lock users data and later on marks them with [].[gibberish].EMAN appendix. 

This cyber threat introduces #README_EMAN#.rtf file as a ransom note that suggests people contacting developers for a file decryption key.;; are emails provided in a lengthy ransom message which also contains the note that your files are going to be deleted after seven days. 

NOBAD ransomware

NOBAD ransomware is one of the many variants released in October 2018. As well as other more recent versions, this cryptovirus uses both AES and RSA encryption algorithms to lock photos, documents, archives and other types of data that user stores on the device. It marks encoded data in a similar pattern as the versions before and after – [email].[random_combination].NOBAD. 

No significant difference from other variants except ransom note placed on the system as a file named #NOBAD_README#.rtf, still no certain ransom amount but the preferred currency is Bitcoin.  

GMAN ransomware

GMAN ransomware — yet another matrix variant released mid-October of 2018. Another version that uses both encryption methods and locks data until it is inaccessible. It affects any format of the file even archives and databases, backup files too if the victim enters an external device on the infected system.

This version brings !README_GMAN!.rtf and #README_GMAN#.rtf ransom note patterns to the mix. However, the ransom note itself looks almost identical to previous versions and states the following:

Files are not broken!!!

Files were encrypted with AES-128+RSA-2048 crypto algorithms.

There is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. For our safety all information about your server and your decryption key fill be automaticaly DELETED AFTER 7 DAYS! You will irrevocably lose all your data!

*Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data!

*Please note that you can recover files only with your unique decryption key, which stored on our side. If you will use the help of third parties, you will only add a middleman.

As previous versions and many other crypto-demanding threats, GMAN spreads using spam email attachments disguised as invoices, receipts, order information or another financial document. The minute victim downloads and opens the attached file on the system ransomware payload infiltrates the system and starts the encryption process. 

RELOCK ransomware

RELOCK ransomware emerged in 2017. As various other versions, it encrypts files and marks them with _[RELOCK001@TUTA.IO].* file extension. Hackers behind this threat are stating in their ransom note hat every 12 hours the ransom amount is going to increase. This file is named as !OoopsYourFilesLocked!.rtf.

Criminals have also been encouraging people to contact them for the alleged decryption tool via and e-mail addresses. Developers suggest sending three files for test decryption. However, this is only for fake trust to build. 

TheMatrixHasYou ransomware

The new version of Matrix ransomware does not highly differ from the original version. It is also designed to encrypt the most valuable information, including videos, music, photos, documents and audio files. The victim can no longer open and use encrypted information. 

The only noticeable difference between the initial version of the ransomware and TheMatrixHasYou virus is that the latter provides different contact emails: and, and leaves information about the attack in <victim’s id=””>.MATRIX-KEY.RTF file.</victim’s>

This version is also still very dangerous, and there is no antidote for its poison. If your files have been encrypted, you should restore them from backup or remain patient until reverse-malware engineers discover a way to crack it and create a free decryptor.

Matrix virus ransom noteMatrix ransomware is a crypto-malware which drops the ransom note after file encryption.

[] file extension virus

This version of Matrix ransomware was detected in the first half of April 2018. Researchers detected it spreading via hacked Remote Desktop services. It uses RSA-2048 and AES-128 encryption algorithms and creates a !ReadMe_To_Decrypt_Files!.rtf ransom note. 

The note describes the current situation and contains a personal identification number, which has to be indicated in the subject line of the email and sent to one of the following addresses:


Unfortunately, this variant does not have a free decryptor, at least not yet. Nevertheless, we do not recommend paying the ransom as it's not clear whether the paid Matrix decryptor is reliable. 

Matrix crypto-malware

[] file extension virus

This Matrix ransomware version is almost identical to the previous one. Nevertheless, it has been developed in a more professional way as it uses a more complex debugging messaging and cipher commands. 

It also renders RSA-2048 and AES-128 ciphers and targets personal files just like its predecessor. Upon encryption, locked files exhibit [] file extension. PC's desktops background is replaced by Matrix lock screen and the victim is represented with a ransom note named #Decrypt_Files_ReadMe#.rtf. The latter can be found not only on the desktop, but also on each folder containing encrypted data. 

The victim is demanded to provide a unique ID number to get payment instructions. For this purpose, they have to write down an email message and send to,, and email addresses. The [] file extension is not decryptable for free. 

The examples of Matrix ransomware Matrix ransomware crooks manipulate victims by harassing them with fake FBI notices.

Fox ransomware

Fox ransomware was discovered in August 2018 as the latest version of Matrix virus. The encryption process is done using AES-128 and RSA-2048 methods. Every modified file gets an extension in this pattern: [hacker's email].[random_ID].FOX. Fox virus places a ransom note #FOX_README#.rtf, containing the instructions for further actions, on every folder that has modified data. In this note, virus developers provide contact emails:;; It spreads while breaking through RDS. 

There is no official decryption tool, so we do recommend to remove Fox Matrix ransomware using proper anti-malware tools. Only then you can focus on the important data recovery process. DO NOT contact cybercriminals and DO NOT pay the demanded ransom. This may lead to permanent data or money loss. 

KOK08 ransomware

At the beginning of September 2018, researchers have spotted a new version of Matrix malware. It executes encryption codes to compromise valuable data and appends .KOK08 file extension afterward. Note, that this version is similar to .KOK8 file extension virus as the used suffix is almost identical. 

Victims receive the ransom note named as #KOK08_README#.rtf file which informs about data encryption as any other message of this virus. Hackers merely indicate email address for contact purposes. Likewise, victims suppose to write to the provided email. Although, experts do not recommend doing so.

FASTBOB ransomware

Just in a few day difference, researchers discovered another updated variant of Matrix ransomware. Similar to other upgrades, criminals haven't changed anything essential except the extension and the name of the ransom note. 

This new version of Matrix malware appends .FASTBOB file extension after data encryption. Users receive instructions on how to decrypt information in #_#FASTBOB_README#_#.rtf ransom note. The message urges to contact the crooks via email address. 

ITLOCK ransomware

The .ITLOCK variant showed up in mid-September and was discovered by independent security researchers.[5] The malware uses AES and RSA to lock files up and demands a ransom to be paid via the !ITLOCK_README!.rtf message. Crooks demand users to contact them using to receive instructions on how to recover encoded files. As usual, we do not recommend contacting cybercriminals and use alternative methods for file recovery after ITLOCK ransomware removal is complete using reputable security tools.

.ITLOCK file extension virusCrooks often use spam emails to infect user computers with ransomware like .ITLOCK virus

At the end of January 2019, hackers released a new version of ITLOCK ransomware. Not to be confused with the previous versions, this one drops !README_ITLOCK!.rtf ransom note that does look very similar to last virus variants. However, it contains different contact addresses:,, and

This version of matrix appends the extension in the following way:


GRHAN ransomware

GRHAN ransomware is the latest variant of Matrix virus. Discovered on 14th of January by Michael Gillespie,[6] the malware has been spotted attacking Italian users.

The variant of Matrix uses .GRHAN file extension for all databases, music, videos, pictures and other data. After the infiltration, the virus contacts a remote server to upload the !README_GRHAN!.rtf ransom note, which informs victims about the file encryption and a ransom demands.

Users are asked to email to agree how much they will have to pay for the decryptor. Victims can be asked to pay in Bitcoin or Ethereum cryptocurrency. Please do not contact hackers and instead remove GRHAN ransomware using reputable security tools.

Crooks behind Matrix virus impersonate law enforcement agencies

As notices from law enforcement agencies, including Federal Bureau of Investigation (FBI), National Security Agency (NSA) and others might be intimidating, hackers try to take advantage of puzzled people and employ social engineering tactics to obtain illegal profits.

The current version of Matrix virus frightens users into thinking that their computer and data have been locked due to the US law violation. The counterfeited messages claim that their devices have been blocked due to the detected content of child pornography and similar criminal activities.

It also refers to the Criminal Code to deceive users more. However, few affected netizens might check the referred article and find out the different content. Keep in mind that mentioned institutions do not urge you to pay any amount of money within a specified amount of them.

Hackers expect you to remit the payment within 96 hours in order to escape a life imprisonment sentence. It is not difficult to look through the deception since the crooks provide a Bitcoin address and and 

Be vigilant when reviewing the spam folder. Do not open any email attachments before verifying the sender. Hackers often leave grammar mistakes and typos in such messages. The hijack is performed with the assistance of JNwpM1mu.exe or matrix.exe executable files. It can occupy a device via HEUR/QVM10.1.0000.Malware.Gen,  malicious_confidence_100% (D),TR/Crypt.Xpack.uhqit, and similar trojan horses. 

Hackers employ exploit kits for ransomware distribution

Usually, criminals aim to infect as many computers as possible to increase their ransomware payments. For that, they not only employ social engineering tactics but also exploit kits to circumvent PC systems. One of the most popular ones is Rig Exploit kit which helps to detect system vulnerabilities and infiltrate the ransomware. 

Therefore, make sure you pay attention to what sources and what programs you download from. Avoid installing software other than official sites. pay attention to the “publisher”  – it should indicate the name of the official company other than “unknown.”

Safely uninstall Matrix virus from your PC

For Matrix ransomware removal, you should consider installing a reliable antivirus tool. Our top recommendations are Reimage Reimage Cleaner Intego, SpyHunter 5Combo Cleaner, and SpyHunter 5Combo Cleaner. These security tools can be downloaded and installed once you boot your computer into Safe Mode. You will find instructions showing how to delete Matrix ransomware and reboot system into Safe Mode at the end of this article.

Now let's discuss the ransom part. First of all, if you're willing to pay it, do not delete the infection – do it afterward. However, we strongly recommend you not to pay the ransom and remove Matrix ransomware as soon as you detect the threat on your computer. There are numerous reasons why it is not worth paying; there are insufficient possibilities that criminals will decide to give you the decryption key to unlock files[7].

Besides, if you paid, you would encourage scammers to keep going and creating more malware. This will cause the number of ransomware victims grow. Although it is not a direct way to fight with ransomware, it can help to lower the number of ransomware cases in general. If victims stopped paying ransoms, cybercriminals would no longer see a point to create them.

do it now!
Reimage Happiness
Intego Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.
Matrix ransomware snapshot
Matrix version 1

To remove Matrix virus, follow these steps:

Remove Matrix using Safe Mode with Networking

Remote Matrix virus by rebooting your computer into Safe Mode with Networking:

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove Matrix

    Log in to your infected account and start the browser. Download Reimage Reimage Cleaner Intego or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Matrix removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove Matrix using System Restore

Get rid of malware by using System Restore. This tip will help you disable the threat.

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Matrix. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage Reimage Cleaner Intego and make sure that Matrix removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Matrix from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by security experts.

If files encrypted by Matrix ransomware, you can try our suggested methods to recover them. However, we strongly advise you to create a backup of encrypted files to have an intact copy. Sometimes failure to decrypt files can completely destroy them!

If your files are encrypted by Matrix, you can use several methods to restore them:

Use Data Recovery Pro to recover lost data


If you want, you can use Data Recovery Pro to decrypt your files. You can find full instructions on how to use such tool below.

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by Matrix ransomware;
  • Restore them.

Try Windows Previous Versions feature to recover separate files

Windows Previous Versions come in handy when the current data versions get corrupted. If you enabled System Restore function a while ago, you can try to recover your files now. Bear in mind that this method helps to fix files one by one, so if you want to restore a big number of files at once, this is not the method you should go for. 

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

ShadowExplorer can help you with data decryption

If you are lucky and the ransomware hasn't managed to delete or compromise Shadow Volume Copies in any way, you might get help from ShadowExplorer tool. For more information, follow these steps:

  • Download Shadow Explorer (;
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Currently, Matrix decryptor is still in development.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Matrix and other ransomwares, use a reputable anti-spyware, such as Reimage Reimage Cleaner Intego, SpyHunter 5Combo Cleaner or Malwarebytes

Do not let government spy on you

The government has many issues in regards to tracking users' data and spying on citizens, so you should take this into consideration and learn more about shady information gathering practices. Avoid any unwanted government tracking or spying by going totally anonymous on the internet. 

You can choose a different location when you go online and access any material you want without particular content restrictions. You can easily enjoy internet connection without any risks of being hacked by using Private Internet Access VPN.

Control the information that can be accessed by government any other unwanted party and surf online without being spied on. Even if you are not involved in illegal activities or trust your selection of services, platforms, be suspicious for your own security and take precautionary measures by using the VPN service.

Backup files for the later use, in case of the malware attack

Computer users can suffer various losses due to cyber infections or their own faulty doings. Software issues created by malware or direct data loss due to encryption can lead to problems with your device or permanent damage. When you have proper up-to-date backups, you can easily recover after such an incident and get back to work.

It is crucial to create updates to your backups after any changes on the device, so you can get back to the point you were working on when malware changes anything or issues with the device causes data or performance corruption. Rely on such behavior and make file backup your daily or weekly habit.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware occurs out of nowhere. Use Data Recovery Pro for the system restoring purpose.

About the author

Lucia Danes
Lucia Danes - Virus researcher

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Lucia Danes
About the company Esolutions


Removal guides in other languages

  1. Ombre says:
    December 2nd, 2016 at 7:28 am

    AGAIN, a new ransomware! It saddens me so much to hear about new viruses daily!

  2. Mario21 says:
    December 2nd, 2016 at 7:29 am

    Cant open my files! This is nerve-wracking experience! There must be a way to restore them! somehow! please!

Your opinion regarding Matrix ransomware