UPDATED 23:28 EDT / OCTOBER 29 2017

Matrix ransomware reloaded in new malicious advertising campaign

The Matrix (the ransomware, that is) has been reloaded: a security researcher has discovered that a new form of the malware, which first appeared in 2016, has once again been spotted in the wild.

Jérôme Segura from Malwarebytes made the discovery, detailing that the new version was being distributed through the RIG exploit kit. That kit is used to deliver the ransomware through malicious advertising that targets users who have not patched known flaws in both Internet Explorer (CVE-2016-0189) and Adobe Flash (CVE-2015-8651). According to Bleeping Computer, a victim needs only to visit a website running the malicious advertising while running the unpatched software to become infected.

Where the Matrix ransomware gets interesting is that it doesn’t simply demand a ransom payment upfront. Instead, it starts with a message claiming that all the victim’s files have been encrypted and that U.S. law has been breached, then asserts that the victim’s IP address has been found accessing pornography, child pornography, zoophilia and abuse material.

The victims are then told that they have to pay a penalty to unlock their files and that they can obtain payment details by contacting two listed email addresses. Users are told that the size of the “penalty” will increase every six hours and that after 96 hours the decryption key will be deleted, both of which create a sense of urgency around the demands.

It’s not clear how much those behind the ransomware are demanding to hand over the decryption key, but the previous version of Matrix demanded a payment of between $1,500 and $5,000 in bitcoin.

Along with the obvious, such as making sure that software is patched and up to date, users are advised to make sure they are running antivirus software and that they are making regular system updates. That way, if they are infected and can’t remove Matrix or any other form of ransomware from their PC, they can undertake a full system restore.
