UPDATED 09:00 EDT / JANUARY 30 2019

SECURITY

Research details new form of ransomware flying under the radar

A new report from SophosLabs released today details a new form of ransomware that has been flying under the radar until now.

Dubbed Matrix, the ransomware is unique in that it targets a single machine rather than spreading through an organization like other forms of ransomware. In addition, the attackers force the victim to message them directly to show proof of encryption before they disclose the ransom amount.

Matrix also differs in the way it is distributed. Whereas most prominent ransomware attacks involve widespread phishing campaigns, those behind Matrix in most cases gain access to a victim’s personal computer by performing an active brute-force attack against the passwords for Windows machines. They do so by gaining access through a firewall that has the Remote Desktop Protocol enabled.

The researchers noted that though the attack is less sophisticated than others, Matrix comes equipped with a “Swiss Army knife” of malware that helps it carry out its attack.

“While the malware has been under continuous development and improvement while we have been monitoring it, the authors or operators of this malware do not appear to behave as professionally as, by comparison, the SamSam gang,” the report explained. “They have made frequent mistakes along the way, some of which have been corrected, and other features implemented then abandoned. They do not always employ adequate operational security, which might be the cause of their eventual undoing.”

Attacks using Matrix have been detected globally, with 28 percent of detections coming from the U.S. Hinting at its country of origin, later versions of the ransomware prevent it from being fully executed if the victim’s machine uses Russian and eastern European languages.

“While it is not in wide distribution, Matrix appears to herald a future in which small, bespoke ransomware gangs engage in moderate-return targeted attacks simply because the low-hanging fruit exists,” the researchers concluded.

Photo: Marcin Wichary/Wikimedia Commons
