Matrix Ransomware Payment & Decryption Statistics
Matrix Ransomware payment costs
Matrix ransomware payments are typically lower than the ransomware marketplace average. Matrix affects small to mid-sized sized organizations that have lower ability to pay relative to larger businesses.
Matrix Ransomware incidents are generally shorter than other types of ransomware due to the efficiency of the decryption process.
Average Length of a Matrix Ransomware Incident
Matrix Ransomware Case Outcomes
Matrix Ransomware has a very high data recovery-success rate after a ransom payment is made. Relative to other types of ransomware, the decryptor tool is very straightforward to run and requires little communication with the hacker after it is supplied.
Immediate Matrix Recovery Help
For immediate assistance contact us or call 24/7 Support: (203) 442-4050
Decrypting Matrix Ransomware
Matrix is different than other forms of ransomware because it changes the name of the entire file, instead of appending a unique value at the end of each file name
Each drive or local disk will contain a distinct unique ID that is shown in all of the file names. You must search the entire network to ensure that all IDs have been found and cataloged.
The attacker will need a copy of each file with a unique ID to begin generating the decryptor tool
Steps to Run Matrix Decryption Tool
Remove Malware: Run your standard AV on each affected machine and clean off the ransomware executable. Most AV software should find the executable. If you not found by AV, you can run the following test:
Take a clean unencrypted test file, save it to a blank USB
Plug the USB into the infected machine
Boot the machine
If the test file on the USB gets encrypted, the malware is still there...keep searching
If the test file does not get encrypted. Your machine should be safe to proceed.
Run Decryptor: After paying the ransom, you will be sent a .zip file with the decryptor application and several .sek file. Download onto affected machine. The folder will typically look like below:
1. Ensure that all AV is removed or turned off. AV will keep the decryptor from running as intended.
2. Run as administrator. The tool will first request a password, if the threat actor has enabled this feature.
3. The tool will then search the system for encrypted files.
4. Once the Tool finds all encrypted files, it may require a path to be outlined for each .sek file. If you are scanning the entire network but have multiple .sek files, you’ll need to run the tool once for every distinct .sek file. This process may be time consuming depending on the number files.
If the attacker has provided a README file that outlines which ID corresponds to each .sek file, then you may be able to scan only the desired drive and provide the path to the corresponding .sek file.
5. After entering the .sek file path, the tool will automatically begin decrypting the files that are associated with the .sek file. As the files decrypt, they will automatically revert to their original file names.
6. After running the tool for a specific .sek file, a summary report will show the files that were not decrypted. If you’re scanning the entire network, then expect the report to show (i) files that cannot be opened and were likely never decrypted in the first place and (ii) invalid RSA messages for files that are not correlated to the specific .sek file. Files that are successfully decrypted will not appear in the report.
If all files were successfully decrypted, then you will no longer see any invalid RSA messages.
Matrix Ransomware Frequently Asked Questions
1. Are there free Matrix decryption tools Available?
The majority of active Matrix ransomware variants can not be decrypted by any free tool or software. If you submit a file example to us, we will have a look for free and let you know. There are also good free websites that you can upload a sample file to and independently check. You should NOT pay a data recovery firm or any other service provider to research your file encryption. They will use the same free resources noted above… so don’t waste your money or time!
2. How did I get infected with Matrix ransomware?
Most Matrix ransomware is laid directly by a hacker that has accessed an unprotected RDP port, utilized email phishing to remote into a network via an employee’s computer, or utilized malicious attachments, downloads, application patch exploits or vulnerabilities to gain access to a network.
3. What are recent Matrix ransomware file extensions?
Since Matrix changes the entire file name to a unique ID, it is hard to tell if an encrypted file has been impacted by Matrix.
4. What does a Matrix ransom notice look like?
Matrix ransomware hackers will leave a .txt or .rtf file notice behind that will be prominent and easy to find. It commonly looks like like the image to the right.
Note: We do not advise that any person or company contact a hacker and negotiate directly. Cyber criminals can be difficult to communicate with. Let a professional assist you.
RANSOMWARE FREQUENTLY ASKED QUESTIONS
WHAT INFORMATION DO I NEED TO PROVIDE?
You will need to provide information from both the ransom notice and a sample encrypted file. We will schedule a call to discuss the severity of the attack, the operability of your company and the likely timeline / cost of recovering from the attack. You will also need to provide identifying information on your company, and an authorized representative of your company.
HOW MUCH WILL THIS COST?
You are already being extorted; we don’t think you deserve to pay another large fee. Coveware charges flat daily service fees that vary based on the complexity of your case. We do not charge spreads of fees tied to the size of the ransom amount. Our fees will never be even close to the amount of the ransom demanded by the cyber criminal, and you should be skeptical of why any other service provider would charge a fee that high.
WHAT ABOUT FIRMS THAT HAVE TOLD ME THEY CAN DECRYPT MY FILES WITHOUT PAYING THE HACKER?
You should be extremely skeptical of any data recovery firm that claims they can decrypt ransomware. Typically they are just paying the cyber criminal without your knowledge and pocketing the difference between the ransom amount and what they will charge you. Know the facts before you engage. If the ransomware IS decryptable, the tool can be found for free. If not, purchasing a key from the cyber criminal is the only way to unlock your files. While Coveware does not condone paying cyber criminals, we recognize it is often the only choice if backups are not available or have become compromised as well. If that is the case, you deserve an honest, transparent experience.
WILL THE RANSOMWARE PAYMENT BE SUCCESSFUL?
There is no guarantee that paying the ransom will result in a working decryption tool being delivered. However, Coveware believes that data aggregation can help customers make the most informed data-driven decisions. Since we handle lots of cases of the same ransomware types, we are able to share our experiences and help customers decide how to proceed.
HOW DO I UNLOCK MY FILES?
If the ransomware payment is successful, a decryption tool & key is provided by the hacker that can be used to manually decrypt your files.
HOW DO I PREVENT THIS FROM HAPPENING AGAIN?
There are some common security mis-configurations that lead to a ransomware attack. We can share some tips and resources for preventing future attacks, but encourage companies to perform a full forensic review or security assessment as soon as possible. Consistent investment in security IT is the best antidote to preventing future attacks.
WHY CHOOSE COVEWARE?
RANSOMWARE RECOVERY PLAN: Provide some information on the severity of the attack, operability of your company and budget/ time and we'll chart you a set of options using our database of similar cases.
SETTLEMENT & RECOVERY: Coveware has access to a ready supply of any crypto currency, and offers a 15 minute disbursement service level agreement. We also support the decryption / data recovery process.
RANSOMWARE ASSESSMENT: Provide a few details from the ransom notice and an example encrypted file and we will provide context into the severity of the attack and your options for decryption and recovery. This is free.
HACKER NEGOTIATIONS: We have deep experience communicating and negotiating with hackers. Its what we do all day long! Take advantage of our experience and allow us to shoulder this burden.
WHAT OUR CUSTOMERS ARE SAYING
"Remediating a ransomware incident for a current or prospective client is stressful. The future of the client relationship, and sometimes the operability of the client's business are at stake. It is a lot of pressure for a managed service provider to take on, especially as downtime mounts. Coveware's solution shoulders a lot of that burden, dramatically improving the experience, and most importantly shrinking the time to recover."
- Adam Wipp, Helm MSP