Matrix-EMAN Ransomware

What is Matrix-EMAN Ransomware?

Your operating system was most likely attacked by Matrix-EMAN Ransomware if your Desktop wallpaper has been replaced with an image that displays this message: “We are really sorry to inform you that: ALL YOUR FILES WERE ENCRYPTED with AES-128+RSA-2048 algorithms!” There are other signs that point to this infection, and we discuss them in this report. Unfortunately, you have most likely discovered the ransomware only after it successfully encrypted your personal files. At the time of research, according to the Anti-Spyware-101.com research team, it was not possible to decrypt files, as no legitimate file decryptors could help. This is the strength of file-encrypting ransomware: once victims realize they are out of options, they are more likely to be willing to pay a ransom. The bad news is that paying is not a good option either because cyber criminals are unlikely to help you out even if you transfer the requested ransom. Of course, whether or not you pay the ransom, you must remove Matrix-EMAN Ransomware. Continue reading to find out how to delete this monstrous infection.

How does Matrix-EMAN Ransomware work?

Matrix-EMAN Ransomware – as it was found in our internal lab – is a new variant of an infection we are already familiar with, Matrix Ransomware. There are several other variants (e.g., Matrix-NEWRAR Ransomware) that have been reported by our team already. If you are curious to learn more about the removal of these infections, use the search box at the top to find more information. While all variants have unique traits, they also share some similarities. For example, they can be distributed in several different ways, including unsafe remote access channels and spam emails. The goal of the distributor is to make the user execute the infection without any suspicion. If you realize that something is not right, you might delete Matrix-EMAN Ransomware before it causes any trouble. Of course, that will not help if the infection’s copy has been created by that time. The copy, according to our researchers, is created on the Desktop along with two .TXT files and one .BAT file. If you are quick, you might be able to remove all malicious components the moment they are created. However, if you are not quick, the files are encrypted without your noticing, and there is no return from that.

After encryption, Matrix-EMAN Ransomware deletes all shadow volume copies to ensure that you cannot restore files from the system’s internal backup. Then it creates a file called “#README_EMAN#.rtf.” This file should be created in every location that includes encrypted files. The encrypted files themselves are renamed, and “[EncodeMan@qq.com].713ef2f372f0d39-23dd9e0bfb9bd95.EMAN” is an example of the kind of names you could face. The message in the RTF file is quite long, but the gist is that files can be recovered if you purchase a decryption key, which, allegedly, is removed after 7 days. The message instructs victims to email EncodeMan@qq.com, EncodeMan@protonmail.com, and EncodeMan@tutanota.com (all three) or use BitMessage (BM-2cXRWRW5Jv5hxbhgu2HJSJrtPf92iKshhm) to get more information. If you contact the creator of the infection, they will ask you to pay a ransom, and doing that is very risky. Most likely, your ransom would not be exchanged for a decryptor. Ideally, all your most sensitive files are backed up on a cloud or an external drive, and you can remove the infection ASAP without any loss.

How to remove Matrix-EMAN Ransomware

According to our analysis, Matrix-EMAN Ransomware can record and transfer information about your system, download additional malicious files, and, quite possibly, act as a backdoor. These are the reasons you should not waste any more time. It is best if you install a reliable anti-malware program to find and delete Matrix-EMAN Ransomware components. This is not the only reason to install this program. You also need it to help you with protection against malicious threats in the future. Note that even if your files are lost permanently because of a ransomware invasion, you want to avoid this kind of malware in the future, and only reliable anti-malware software can help you with that. If you want to delete the infection manually, use the instructions below at your own risk. Remember that if you do not eliminate all components successfully, your virtual security could remain at risk.

Removal Instructions

  1. Find and delete the {random name}.exe launcher of the infection.
  2. Move to the Desktop and delete these components:
    • {random name}.bat
    • {random name1}.txt
    • {random name2}.txt
    • {random name}.exe (the copy)
  3. Delete all copies of the #README_EMAN#.rtf file (should be placed along with encrypted files).
  4. Launch Explorer by tapping Win+E and enter %APPDATA% into the field at the top.
  5. Delete the {random name}.bmp file and set the desired wallpaper image.
  6. Empty Recycle Bin to eliminate the malicious components.
  7. Install a trusted malware scanner to inspect your operating system and check whether or not you need to eliminate other threats.
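
Added example, not part of the original report: a read-only Python inventory that locates the #README_EMAN#.rtf notes from step 3 and the renamed files described earlier, so you know which folders were hit before deleting anything. The file-name pattern is an assumption generalised from the single example name in this report, and the sample tree in demo() is constructed.

```python
import os
import re
import tempfile

NOTE_NAME = "#readme_eman#.rtf"  # ransom note name from the report, lower-cased for comparison
# Assumption: generalises the report's one example name,
# "[EncodeMan@qq.com].713ef2f372f0d39-23dd9e0bfb9bd95.EMAN", to
# "[contact]." + two hex runs joined by "-" + ".EMAN".
RENAMED = re.compile(r"^\[(?P<contact>[^\]]+)\]\.[0-9a-f]+-[0-9a-f]+\.EMAN$", re.IGNORECASE)


def scan(root):
    """Inventory Matrix-EMAN artifacts under root. Read-only: nothing is deleted."""
    report = {"notes": [], "encrypted": [], "contacts": set(), "dirs_without_note": []}
    for dirpath, _subdirs, files in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        has_note, renamed_here = False, 0
        for name in sorted(files):
            path = os.path.normpath(os.path.join(rel, name)).replace(os.sep, "/")
            match = RENAMED.match(name)
            if name.lower() == NOTE_NAME:
                has_note = True
                report["notes"].append(path)
            elif match:
                renamed_here += 1
                report["encrypted"].append(path)
                report["contacts"].add(match.group("contact"))
        # The report says a note "should be" beside encrypted files; flag exceptions.
        if renamed_here and not has_note:
            report["dirs_without_note"].append(rel.replace(os.sep, "/"))
    for key in ("notes", "encrypted", "dirs_without_note"):
        report[key].sort()
    return report


def demo():
    """Run scan() over a constructed sample tree (file names are made up)."""
    sample = [
        "Documents/#README_EMAN#.rtf",
        "Documents/[EncodeMan@qq.com].713ef2f372f0d39-23dd9e0bfb9bd95.EMAN",
        "Documents/budget.xlsx",
        "Pictures/[EncodeMan@qq.com].0a1b2c3d4e5f601-9f8e7d6c5b4a321.EMAN",
    ]
    with tempfile.TemporaryDirectory() as root:
        for rel in sample:
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            open(full, "w").close()
        return scan(root)
```

Call scan() on a user profile or a mounted disk image; the "encrypted" list is also the set of files to preserve in case a decryptor becomes available later.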