Matrix Ransomware Removal (+File Recovery)

How to Remove Matrix Ransomware?

Readers recently started to report the following message being displayed when they boot their computer:

     ALL YOUR FILES HAVE BEEN LOCKED!
    This operating system and all of important data was locked due to the violation of the federal laws of the United States of America! (Article 1, Section 8, Clause 8; Article 202; Article 210 of the Criminal Code of U.S.A provides for a deprivation of liberty for four to twelve years.)

    Following violations were detected: Your IP address was used to visit websites containing pornography, child pornography, zoophilia and child abuse. Your computer also contains video files with pornographic content, elements of violence and child pornography! This computer is aimed to stop your illegal activity.

    To unlock your files you have to pay the penalty!

    You have only 96 hours to pay the penalty, otherwise you will be arrested!

    You must pay the penalty through Bitcoin Wallet. To pay the penalty and unlock you data, you should send the following code:
    [REDACTED] to our agent e-mails: thematrixhasyou9643@yahoo.com or cremreihanob1979@yandex.ru You will receive all necessaryy instructions!

    HURRY UP OR YOU WILL BE ARRESTED!!!

Matrix is a harmful file-encrypting parasite. Also known as ransomware. Unfortunately, you’re now stuck with one of the worst kinds of infections out there. Ransomware-type programs are rightfully dreaded. It goes without saying that you have to take measures ASAP and uninstall the intruder. In today’s article, you will find all the information you need about the Matrix virus. In addition, we’ve provided a detailed manual removal guide down below. First things first, this program is still in development. That means it is yet to unleash its entire potential. Hackers often revisit their old creations to make them even more dangerous and problematic. However, to date, the Matrix ransomware shows some imperfections. This program doesn’t encrypt all file formats. It still locks quite a high percentage of your data, though. As soon as the parasite lands on board, your computer gets thoroughly scanned. That is because ransomware needs to locate the files it’s about to encrypt. As you could imagine, what this infection search for, it eventually finds. Once that is complete, the Matrix ransomware initiates encryption. This program uses a complicated encrypting algorithm. It adds the malicious .matrix extension to your files. Yes, your private data gets renamed. Your files change format so they become unrecognizable by your computer. Ultimately, you’re being denied access to your own information. That includes some of the most popular formats out there. You could be absolutely positive Matrix could encrypt some extremely valuable data. Do you keep important files on your device? Probably. It’s your own computer, after all. The problem is, hackers are taking advantage of that. The more files Matrix locks, the better for crooks. It effectively turns your private data into unreadable, unusable gibberish. You won’t be able to open or use your own files stored on your own PC. And if you thought that was nasty, wait till you hear the rest of it. This parasite drops a  Matrix.rtf or Readme-Matrix.rtf file. Now, that’s your ransom note You will find it in all folders that contain encrypted files. It goes without saying those are indeed a lot of folders. According to the message, you’ve violated the federal laws of the United States of America. This is nothing but a cheap trickery to get you to panic. Hence, ignore the parasite’s intimidating threats and accusations. Believing them could cost you a hefty sum of money.

How did I get infected with?

Chances are, you didn’t agree to download the virus. Not many people would voluntarily install such a devastating infection. Then how did the ransomware slither itself onto your machine? It was probably attached to some fake email or message. Yes, this is one of the oldest infiltration techniques out there. When it comes to ransomware, though, bogus emails are the number one method. Crooks rely on your curiosity. You might receive some perfectly safe-looking email from a shipping company, for instance. Another possibility is that you receive a random job application. Always keep in mind how dangerous those could be. It would only take one single click to download one vicious, aggressive infection. Or a whole bouquet of viruses. In order to protect your machine, you have to be careful online. There is no such thing as being too cautious while surfing the Internet. Parasites get spread via exploit kits, malicious torrents, fake program updates, third-party ads, unverified websites. In addition, some infections travel the Web bundled. That gives you a very solid reason to take your time during the installation when you go for program bundles. Do not skip any steps as you may also be skipping opportunities to prevent malware infiltration.

Why is Matrix dangerous?

The Matrix  Ransomware provides you a couple of email addresses. Stay away from bluetablet9643@yandex.ru, matrixhasyou9643@yahoo.com  and redtablet9643@yahoo.com. Even though the parasite’s ransom note try to convince you to make a payment, this is a scam. Paying the ransom demanded would only worsen your already bad situation. We would recommend that you ignore the ransomware’s messages and notes. This program only has one goal. To steal your money. Keep your Bitcoins instead and uninstall the virus. Matrix’s payment instructions come in both English and Russian. Hackers promise a decryptor in exchange for your money. However, you will not receive any decryption key even if you pay the entire ransom right away. This is a fraud, remember? Hackers are the last people to make negotiations with. To delete the Matrix parasite manually, please follow our detailed removal guide down below.

Matrix Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover Matrix Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

• Open your task Manager by pressing CTRL+SHIFT+ESC keys simultaneously
• Locate the process of the ransomware. Have in mind that this is usually a random generated file.
• Before you kill the process, type the name on a text document for later reference.

• Locate any suspicious processes associated with Matrix encryption Virus.
• Right click on the process
• Open File Location
• End Process
• Delete the directories with the suspicious files.
• Have in mind that the process can be hiding and very difficult to detect

STEP 2: Reveal Hidden Files

• Open any folder
• Click on “Organize” button
  
• Choose “Folder and Search Options”
• Select the “View” tab
• Select “Show hidden files and folders” option
• Uncheck “Hide protected operating system files”
• Click “Apply” and “OK” button

STEP 3: Locate Matrix encryption Virus startup location

• Once the operating system loads press simultaneously the Windows Logo Button and the R key.

• A dialog box should open. Type “Regedit”
• WARNING! be very careful when editing the Microsoft Windows Registry as this may render the system broken.

Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

• and delete the display Name: [RANDOM]

• Then open your explorer and navigate to:

Navigate to your %appdata% folder and delete the executable.

You can alternatively use your msconfig windows program to double check the execution point of the virus. Please, have in mind that the names in your machine might be different as they might be generated randomly, that’s why you should run any professional scanner to identify malicious files.

STEP 4: How to recover encrypted files?

• Method 1: The first and best method is to restore your data from a recent backup, in case that you have one.

• Method 2: File Recovery Software – Usually when the ransomware encrypts a file it first makes a copy of it, encrypts the copy, and then deletes the original. Due to this you may try to use file recovery software to recover some of your original files.
• Method 3: Shadow Volume Copies – As a last resort, you can try to restore your files via Shadow Volume Copies. Open the Shadow Explorer part of the package and choose the Drive you want to recover. Right click on any file you want to restore and click Export on it.