The other day I sarcastically Tweeted out “expert level” advice on how to deal with any ransomware attack that may affect your computer in the future, but breaking news about a new ransomware variant is no laughing matter. As was first reported by Lawrence Abrams of BleepingComputer.com this past Saturday, April 7th 2018, starting sometime late last week two new versions of Matrix ransomware had begun making their way around the world.
Abrams goes on to explain that the variants were first spotted by MalwareHunterTeam, who found that the ransomware was getting “installed through hacked Remote Desktop services.” He explains that “this ransomware is currently being distributed to victims by the attackers brute forcing the passwords of Remote Desktop services connected directly to the Internet.” Then, “once the attackers gain access to a computer, they upload the installer and execute it.”
Rather than get into the minutiae of the ransomware and how it works for this site, you are invited to read Lawrence Abrams' full article available through the following link: https://www.bleepingcomputer.com/news/security/new-matrix-ransomware-variants-installed-via-hacked-remote-desktop-services/
Instead I would like to explain exactly why this ransomware poses such a large threat, as well as some small steps you can take to protect yourself against it and make your computer safer in the future. First off, this ransomware is extremely dangerous because it involves no interaction whatsoever on behalf of the user being compromised. Traditionally, for any ransomware attack to take effect and compromise a computer's systems, some random fool on the internet has to click on a link they had no business clicking or download some unknown file they had no business downloading. What makes this new Matrix ransomware variant so dangerous is that it is being installed on people's computers through pre-installed software applications already built into their devices, meaning that this ransomware can literally encrypt your entire hard drive while you’re sleeping.
This is also why Lawrence Abrams emphatically tells his readers to “backup” their important data, because this is essentially all you can do to protect yourself against any ransomware that finds its way onto your computer – assuming you do not want to actually pay the ransom itself. Coincidentally enough, this is essentially the same advice I also sarcastically Tweeted out last week…..
How To Foil Any Ransomware Outbreak or Major Security Breach On Your CPU In 3 Easy Steps:
1.) Buy an external hard-drive
2.) Periodically export your data to it
3.) Go back to living your life as usual
— Brian Dunn (@BankruptMedi4) April 5, 2018
With that said, however, there are some simple security measures you can take to protect yourself against this ransomware outbreak and others like it which are sure to come. Fortunately, the following steps will also help protect against a variety of other cyber attacks at the same time. As was previously stated, the newest Matrix variant is being delivered straight to computers through remote desktop applications connected to the internet. What you must understand is that these applications aren’t usually necessary to people's lives or the overall function of their devices, and can be manually disabled through your computer's settings menu and firewall rules.
I cannot stress this strongly enough: if you have no reason or need to connect to your computer remotely for work, these connections and applications should always at the very least be disabled on your computer's firewall, or deleted/uninstalled from your computer entirely. Not only should you disable any type of remote connections both to and from your device through the individual inbound and outbound rules of your firewall, but you should also remove them from the list of allowed applications on the main menu of your firewall's settings as well. If you do not know how to do this or find these settings, I will not teach you how to do this here; instead, just enter a standard Google or YouTube search to learn more.
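One way to carry out the steps described above on Windows, as an added example that is not part of the original post. It assumes an English-language Windows install (the 'Remote Desktop' firewall group name is localized), Remote Desktop on its default TCP port 3389, and an elevated PowerShell prompt; the block-rule name is made up for this example.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
# Assumptions: English Windows (firewall group is named 'Remote Desktop'),
# Remote Desktop listening on its default TCP port 3389.

$tsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$blockName = 'Block inbound RDP (added example)'   # hypothetical rule name

function Get-RdpExposure {
    # fDenyTSConnections = 0 means incoming Remote Desktop connections are allowed.
    $deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections

    # Inbound rules in the Remote Desktop group that are still switched on.
    $rules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' })

    # Is a service actually listening on the RDP port right now?
    $listeners = @(Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        RdpAllowed      = ($deny -eq 0)
        EnabledInbound  = $rules.DisplayName -join '; '
        ListeningOn3389 = ($listeners.Count -gt 0)
    }
}

function Disable-Rdp {
    # 1. Turn the Remote Desktop feature off in the system settings.
    Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1

    # 2. Switch off every built-in firewall rule that allows Remote Desktop.
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'

    # 3. Add an explicit inbound block on the port, so a rule re-enabled later
    #    by other software does not silently reopen it (block rules win over allow rules).
    if (-not (Get-NetFirewallRule -DisplayName $blockName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $blockName -Direction Inbound `
            -Protocol TCP -LocalPort 3389 -Action Block | Out-Null
    }
}

'Before:'; Get-RdpExposure | Format-List
Disable-Rdp
'After:';  Get-RdpExposure | Format-List
```

Running `Get-RdpExposure` on its own changes nothing and is a quick way to check whether a machine is currently accepting Remote Desktop connections.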
Quite literally, anyone who does not learn how to edit or customize their firewall makes an easy target for hackers – and the Matrix ransomware. If that is not enough incentive for you, then consider the fact that open remote connections or applications can allow even the most rudimentary of hackers – “Script Kiddies” – onto your devices. For example, open remote connections can easily be exploited by any publicly available or open source pen-testing software – of which there are many 😉
Moreover, computer hacking is largely a copy-cat game, meaning that the more successful a hack is, the more likely it is that others will start duplicating it. Considering that Matrix ransomware is now successfully being delivered to users through new portals, expect more attacks just like this to start popping up around the world in the near to immediate future.
Better to learn and prepare yourself now……