Magniber, Losers, Matrix ransomware keep attacking computer users

Crooks focus on distribution of Losers, Magniber and Matrix ransomware

Matrix, Losers and Magniber ransomware on a rise in November 2017

Security experts discovered cybercriminals boosting the distribution of well-known Matrix, Magniber and Losers ransomware again. Hackers came back employing even more successful methods to trick users into downloading the executable files of the viruses.

We have encouraged you to take precautionary measures before, but this time you have to be extremely careful. Cybercriminals have swindled enormous amounts of money from gullible people before, and they sure won’t stop now. Thus, check the key features and distribution methods explained below and make sure to protect your system from ransomware attack.

Matrix malware takes advantage of the Rig exploit kit

Matrix virus is designed to infiltrate on victim’s computer by disguising as a fake FBI alert. As soon as it reaches the system, it starts encrypting data. Later, it drops a matrix-readme.rtf file providing further information and urging to contact the attackers via [email protected] or [email protected] e-mail addresses. Victims report being demanded to pay a ransom to recover their data.

Developers of the malware employ sophisticated AES+RSA ciphers to make the files inaccessible and swindle money from desperate computer users. Experts recently spotted an increase in the distribution rate due to the usage of RIG exploit kit, which helps to detect system vulnerabilities and successfully infiltrate the Matrix ransomware.

Losers ransomware continue its malicious activity via fake DVD burning software experts report receiving many asks for help from the victims of Losers malware. This file-encrypting virus spreads as a fake DVD burning program called Burn4Free and encrypts data on the victimized computer. You can quickly recognize it from .losers file extension appended at the end of the filename.

Victims receive a ransom note in the form of HOWTODECRYPTFILES.txt file and are insisted on paying the ransom in Bitcoins for a decryption key. Since hackers already made considerable amounts of profit, we believe that they came back for even more. Thus, you should not consider paying the demanded amount of money as an option.

Magniber crypto-malware offers to purchase My Decryptor for 0.2 Bitcoins

Developers keep releasing new versions of the virus to create new methods of distribution. Magniber malware infiltrates on the computer with the help of Magnitude exploit kit and encrypts data on the system using AES algorithm. The latest extension marks detected are .skvtb, .vbdrj, .ihsdj, .kgpvwnr and .fprgbk.

But you should be aware that once the criminals decided to renew virus activity, they will create new extensions and ransom notes to confuse people and swindle money. Currently, the ransom note is displayed in READ_ME_FOR_DECRYPT_[id].txt file and attackers demand 0.2 Bitcoins for a decryption tool called My Decryptor.

Precaution measures are necessary to resist the new flow of ransomware attack

Cybercriminals work for a reason — they want more illegal profits. Thus, you should never trust them and decline all offers. Instead, focus on the ransomware removal and try to restore your files using backups.

Tips to avoid ransomware attack:

  • Use a reliable security software and make sure to update it regularly;
  • Enable the function on your computer automatically storing backup copies in the cloud;
  • You can also save them on other external storage devices, just don’t forget to unplug them from the computer;
  • Enable System Restore function to use alternative recovery methods in case of attack.
Posted in support.