Severity scale:  
  (96/100)

Matrix ransomware. How to remove? (Uninstall guide)

removal by Lucia Danes - -   Also known as matrix9643@yahoo.com) ransomware | Type: Ransomware
12

Matrix crypto-virus makes a comeback

The screenshot of Matrix malware

Matrix virus operates as file-encrypting malware[1] which disguises as a fake FBI warning. It alarms victims that their personal files have been encoded due to the violated article of the US law detected child pornography and other illegal activities. It emerged in the cyberspace on December 1st, 2016, struck again in April 2017.

Since then the developers started employing RIG exploit kit to boost Matrix distribution. After a couple of months, IT experts have noticed the hike in its activity again. The developers did not present much change in the overall design of the malware. The felons only added new email addresses.

The malware targets English and Russian-speaking computer users are the main targets. The ransom message is called matrix-readme.rtf, and it commands victims to contact scammers via provided email addresses: matrix9643@yahoo.com or redtablet9643@yahoo.com. Besides them, here is a short list of all emails currently emails associated to Matrix:

  • TheMatrixHasYou9643@yahoo.com
  • noliberty9643@yahoo.com
  • thematrixhasyou9643@yahoo.com
  • cremreihanob1979@yandex.ru
  • pyongyang001@yahoo.com
  • bl4ckdr4gon@tutanota.com

As soon as such malware compromises a computer, it scans for possibly important data and encodes them with AES+RSA cipher to make them inaccessible.  After that, it marks them with .matrix extension.

If you’re looking for Matrix decryption tool, you should know that currently there is none. It is extremely hard to decrypt files without knowing the decryption key, and that is why ransomware developers make every effort to hide it from the computer user. Typically, they keep the decryption key to in the remote hidden servers. 

It would be unwise to remit the payment as there are no guarantees that the developers will play fair and return them. There are also doubts whether their decrypter will function properly. If it is a program, it may contribute to future crypto-malware hijack. Therefore, remove Matrix ransomware virus in a hurry. You can use anti-malware tools, such as Reimage or Malwarebytes Anti Malware, for the ransomware elimination.

We suggest you create a backup of encrypted data and keep it safely until someone releases a free decryption tool – if you have heard about TeslaCrypt[2] or PrincessLocker[3] cases, you probably understand that it is possible to decrypt files once they're encrypted; however, malware reversers need to spend a lot of time to create malware decryptors, so please be patient! 

Other versions

TheMatrixHasYou ransomware. Another example of Matrix malware has emerged recently, and it seems to be similar to the initial virus version. Just like matrix9643@yahoo.com virus, it renders files into worthless pieces of data. It converts documents, photos, databases, presentations, videos, and other files that the victim keeps in the computer into junk files that take space but cannot be used in any way.

The only noticeable difference between the initial version of the ransomware and TheMatrixHasYou virus is that the latter provides different contact emails: TheMatrixHasYou9643@yahoo.com and noliberty9643@yahoo.com, and leaves information about the attack in <Victim’s ID>.MATRIX-KEY.RTF file.

This version is also still very dangerous, and currently, there is no antidote for its poison. If your files have been encrypted, you should restore them from backup or remain patient until reverse-malware engineers discover a way to crack it and create a free decryptor. Until then, remove Matrix malware to protect your PC from additional malware.

Updated October 27, 2017. On October 2017, Matric ransomware made a comeback[4]. The authors continue relying on RIG exploit kit. There are no any crucial changes except a couple of new email addresses. One of them refers to North Korea's capital Pyongyang.

The fact that the malware is placed in .saz folder suggests it may be distributed via email attachments.  Fortunately, the latest version is already detectable (TR/Crypt.Xpack.vdzpt, Trojan.Ransom.Matrix, etc.) by security tools. The virus may hide in 1q0NOiyA.exe or alternative executable file.

Matrix virus hides under fake FBI notice 

Receiving an urgent alert from the Federal Bureau of Investigation, National Security Agency or another legal institution is not a pleasant experience, as long it is genuine. Likewise, similar institutions inspire cyber villains to polish their hacking techniques.

The current version of Matrix malware frightens users into thinking that their computer and data have been locked due to the US law violation. The counterfeited messages claim that their devices have been blocked due to the detected content of child pornography and similar criminal activities.

It also refers to the Criminal Code to deceive users more. However, few affected netizens might check the referred article and find out the different content. Keep in mind that mentioned institutions do not urge you to pay any amount of money within a specified amount of them.

Matrix hackers expect you to remit the payment within 96 hours in order to escape life imprisonment sentence. It is not difficult to look through the deception since the crooks provide a Bitcoin address and thematrixhasyou9643@yahoo.com and cremreihanob1979@yandex.ru. 

Be vigilant when reviewing the spam folder. Do not open any email attachments before verifying the sender. Hackers often leave grammar mistakes and typos in such messages. Matrix hijack is performed with the assistance of JNwpM1mu.exe executable file. It can occupy a device via HEUR/QVM10.1.0000.Malware.Gen,  malicious_confidence_100% (D),TR/Crypt.Xpack.uhqit, and similar trojan horses. 

RIG exploit kit accelerates Matrix distribution 

Sadly, many computer users are not aware of ransomware menace so that they can become victims easily. Though spam emails remain the popular distribution method among Cerber and Locky authors, others enwrap their malware in the disguise of corrupted apps. BadRabbit virus illustrates this case.[5]

Therefore, make sure you pay attention to what sources and what programs you download from. Avoid installing software other than official sites. pay attention to the “publisher”  – it should indicate the name of the official company other than “unknown.”

Matrix virus elimination steps

Now that you know how ransomware spreads and how to avoid installing such viruses, you probably want to remove Matrix virus as soon as possible. The first question you should answer is whether you have a malware removal tool or not. If not, follow these Matrix removal guidelines to delete Matrix virus from the system for good. To eliminate it, you will need a good anti-malware software. Before you do it, reboot your PC using instructions provided below.

Now let's discuss the ransom part. First of all, if you're willing to pay it, do not delete the infection – do it afterward. However, we strongly recommend you not to pay the ransom. There are numerous reasons why it is not worth paying; there are insufficient possibilities that criminals will decide to give you the decryption key to unlock files[6].

Besides, if you paid, you would encourage scammers to keep going and creating more malware. This will cause the number of ransomware victims grow. Although it is not a direct way to fight with ransomware, it can help to lower the number of ransomware cases in general. If victims stopped paying ransoms, cyber criminals would no longer see a point to create them.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove Matrix ransomware you agree to our privacy policy and agreement of use.
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall Matrix ransomware. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.

More information about this program can be found in Reimage review.

Manual Matrix virus Removal Guide:

Remove Matrix using Safe Mode with Networking

Reimage is a tool to detect malware.
You need to purchase Full version to remove infections.
More information about Reimage.

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove Matrix

    Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Matrix removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove Matrix using System Restore

Reimage is a tool to detect malware.
You need to purchase Full version to remove infections.
More information about Reimage.

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Matrix. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that Matrix removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Matrix from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

If files have been encrypted, you can try our suggested methods to recover them. However, we strongly advise you to create a backup of encrypted files to have an intact copy. Sometimes failure to decrypt files can completely destroy them!

If your files are encrypted by Matrix, you can use several methods to restore them:

Data Recovery Pro

 

If you want, you can use Data Recovery Pro to decrypt your files. You can find full instructions on how to use such tool below.

Find those Windows Previous Versions

Windows Previous Versions come in handy when the current data versions get corrupted. If you enabled System Restore function a while ago, you can try to recover your files now. Bear in mind that this method helps to fix files one by one, so if you want to restore a big number of files at once, this is not the method you should go for. 

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Matrix and other ransomwares, use a reputable anti-spyware, such as Reimage, Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware

About the author

Lucia Danes
Lucia Danes - Virus researcher

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Lucia Danes
About the company Esolutions

References

Removal guides in other languages


  • Ombre

    AGAIN, a new ransomware! It saddens me so much to hear about new viruses daily!

  • Mario21

    Cant open my files! This is nerve-wracking experience! There must be a way to restore them! somehow! please!