How to remove Matrix Ransomware and decrypt .matrix files

Infected with Matrix ransomware? Need to decrypt your files?

What is Matrix ransomware

Matrix is ransomware-type malware that can encrypt user documents, photos, music, video, archives and other types of personal files. The virus adds the “.matrix” extension to all encrypted files. It also creates matrix-readme.rtf or Readme-Matrix.rtf files containing a message in Russian and English with instructions for paying the ransom. The developers of Matrix ransomware offer to be contacted at the following e-mail addresses: bluetablet9643@yandex.ru, matrix9643@yahoo.com or redtablet9643@yahoo.com, and demand a ransom of about $500 – $1500. Luckily, the virus has some flaws and doesn’t encrypt all files, leaving some files untouched. Here are the texts of the ransom-demand messages:

ALL YOUR FILES HAVE BEEN LOCKED!
This operating system and all of important data was locked due to the violation of the federal laws of the United States of America! (Article 1, Section 8, Clause 8; Article 202; Article 210 of the Criminal Code of U.S.A provides for a deprivation of liberty for four to twelve years.)
Following violations were detected: Your IP address was used to visit websites containing pornography, child pornography, zoophilia and child abuse. Your computer also contains video files with pornographic content, elements of violence and child pornography! This computer is aimed to stop your illegal activity. To unlock your files you have to pay the penalty! You have only 96 hours to pay the penalty, otherwise you will be arrested! You must pay the penalty through Bitcoin Wallet. To pay the penalty and unlock you data, you should send the following code: - to our agent e-mails: thematrixhasyou9643@yahoo.com or cremreihanob1979@yandex.ru You will receive all necessaryy instructions! HURRY UP OR YOU WILL BE ARRESTED!!!

Внимание! Все Вашu файлы были зашифpoваны.
Чmoбы раcшифрoвать uх, Вам нeoбхoдимo omnравить код:
ID-FFDC13B6EDA70112
на электpoнный адрес: matrix9643@yahoo.com
Далeе в oтвeтнoм пиcьмe вы noлyчите вce нeoбxoдuмые uнстpyкцuu.
Пonыmku расшифрoвать самocmoяmeльнo не пpuвeдym ни k чемy, kрoмe безвoзвpатнoй noтeри инфoрмацuи.
Ecли вы вcё же xomиme nonыmаmьcя, тo пpедваритeльнo cдeлайтe pезервныe konиu файлoв, uначe в слyчаe ux изменeнuя раcшифрoвка станeт нeвoзмoжнoй ни при каkuх ycлoвuяx.
Еcли вы не noлyчuлu oтвета пo вышеykазаннoмy адpecy в течениe 24 чаcoв (и тoльko в этoм случае!), вoспoльзуйmecь резервнoй пoчтoй:
redtablet9643@yahoo.com

Аttеntiоn! Аll yоur filеs wаs еnсryрtеd.
Tо dесryрt thе filеs, Yоu hаvе to shоuld sеnd thе fоllоwing cоdе:
ID-FFDC13B6EDA70112
tо е-mаil аddrеss: matrix9643@yahoo.com
Thеn Yоu will rеciеvе аll nеcеssаry instruсtiоns.
Аll thе аttеmpts оf dесryptiоn by yоursеlf will rеsult оnly in irrеvосаble lоss оf yоur dаtа.
If yоu still wаnt tо try tо dеcrypt thеm by yоursеlf plеаsе mаkе а bаckup аt first bеcаusе thе dесryptiоn will bеcоmе impоssiblе in cаsе оf аny chаngеs insidе thе filеs.
If yоu did nоt rеcеivе thе аnswеr frоm thе аfоrеcitеd еmаil fоr mоrе thоn 24 hеurs (аnd оnly in this cаsе!), usе thе rеsеrvе е-mаil аddrеss:
redtablet9643@yahoo.com

In this article we offer free instructions to remove Matrix ransomware and decrypt .matrix files in Windows 10, Windows 8, Windows 7, Windows Vista and Windows XP.
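Both notes quoted above mix Latin and Cyrillic look-alike letters, so a plain keyword search for "encrypted" or "decrypt" does not match them. The following is an added example, not part of the original article: it folds the look-alikes before matching and pulls the victim ID and contact address out of a note that has already been extracted to plain text. The sample text is constructed from the note above; the 16-hex-digit ID pattern and the small look-alike table are assumptions.

```python
import re
import unicodedata

# Cyrillic letters that render like Latin ones (assumed subset, not a full table).
FOLD = str.maketrans(
    "\u0410\u0415\u041e\u0421\u0420\u0422\u0430\u0435\u043e\u0441\u0440\u0445\u0443",
    "AEOCPTaeocpxy",
)
KEYWORDS = ("encrypted", "decrypt", "files")
ID_RE = re.compile(r"\bID-[0-9A-F]{16}\b")  # assumed from the one ID shown above
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed sample modelled on the English note; escapes are Cyrillic look-alikes.
SAMPLE = (
    "\u0410ll y\u043eur fil\u0435s w\u0430s \u0435n\u0441ry\u0440t\u0435d.\n"
    "T\u043e d\u0435\u0441ry\u0440t th\u0435 fil\u0435s, s\u0435nd th\u0435 c\u043ed\u0435:\n"
    "ID-FFDC13B6EDA70112\n"
    "t\u043e \u0435-m\u0430il: matrix9643@yahoo.com\n"
)


def script_of(ch):
    """Return 'LATIN', 'CYRILLIC' or None for one character."""
    name = unicodedata.name(ch, "") if ch.isalpha() else ""
    return next((s for s in ("LATIN", "CYRILLIC") if name.startswith(s)), None)


def mixed_script_words(text):
    """Words containing both Latin and Cyrillic letters (homoglyph indicator)."""
    words = re.findall(r"\w+", text)
    return [w for w in words if len({script_of(c) for c in w} - {None}) > 1]


def triage_note(text):
    """Summarise a plain-text ransom note for an incident ticket."""
    raw = text.lower()
    folded = text.translate(FOLD).lower()
    return {
        "victim_ids": sorted(set(ID_RE.findall(text))),
        "emails": sorted(set(EMAIL_RE.findall(text))),
        "keywords_raw": [k for k in KEYWORDS if k in raw],
        "keywords_folded": [k for k in KEYWORDS if k in folded],
        "mixed_script_words": mixed_script_words(text),
    }


if __name__ == "__main__":
    for key, value in triage_note(SAMPLE).items():
        print(f"{key}: {value}")
```

A high count of mixed-script words is a useful signal on its own, because ordinary English or Russian text rarely mixes both alphabets inside a single word.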

Update: Use the following service to identify the version and type of ransomware you were attacked by: ID Ransomware. Also check the following website for a possible decryptor: Emsisoft Decryptors.

How Matrix ransomware infected your PC

Matrix ransomware is mostly spread through spam emails. Cybercriminals persuade unsuspecting users to open attachments from such emails by using official-looking information such as taxes, fines, purchases, etc. The email design might differ slightly from previous official emails you have received, so if you have doubts about the authenticity of a letter, you should first contact the institution. The infection can also spread secretly as a freeware program, or it can pretend to be an update: while you think that you are updating some program, you are actually installing ransomware. Therefore, you should never download programs from suspicious sources and use a third-party update tool. The only way to protect your computer from such threats is to use antiviruses with crypto-protection like HitmanPro.Alert with CryptoGuard.

What to do if you are infected with Matrix ransomware virus?

First of all, don’t panic. Follow the easy steps below.

1. Start your computer in Safe Mode with Networking. To do that, restart your computer and, before your system starts, hit F8 several times. This will stop the system from loading and will show the Advanced Boot Options screen. Choose the Safe Mode with Networking option from the list using the up and down arrows on your keyboard and hit Enter.
2. Log in to the system infected with the Matrix ransomware virus. Launch your Internet browser, download a reliable anti-malware program and start a full system scan. Once the scan is complete, review the scan results and remove all entries detected.

Recommended Solution:

SpyHunter 4 – fully removes all instances of Matrix ransomware – files, folders, registry keys.

 

Download Removal Tool

Step 2: Remove the following files and folders of Matrix ransomware:

Remove the following registry entries:

no information

Remove the following files:

How to restore files.hta

How to decrypt files infected by Matrix ransomware (.matrix files)?

Use automated decryption tools

1. .matrix decryption tool from Kaspersky

There is a ransomware decryptor from Kaspersky that can decrypt .matrix files. It is free and may help you restore .matrix files encrypted by Vegclass Ransomware virus. Download it here:

Download Kaspersky RakhniDecryptor

Decrypt .matrix files manually

Restore the system using System Restore

Although the latest versions of Matrix ransomware remove system restore files, this method may help you to partially restore your files. Give it a try and use standard System Restore to revive your data.

  1. Initiate the search for ‘system restore’
  2. Click on the result
  3. Choose the date before the infection appearance
  4. Follow the on-screen instructions

Roll the files back to the previous version

Previous versions can be copies of files and folders created by Windows Backup (if it is active) or copies of files and folders created by System Restore. You can use this feature to restore files and folders that you accidentally modified or deleted, or that were damaged (in our case – encrypted by Matrix ransomware). This feature is available in Windows 7 and later versions.

  1. Right-click the file and choose Properties
  2. Open the Previous Version tab
  3. Select the latest version and click Copy
  4. Click Restore

Restore .matrix files using shadow copies

  1. Download and run Shadow Explorer.
  2. Select the drive and folder where your files are located and the date that you want to restore them from.
  3. Right-click on the folder you want to restore and select Export.
  4. Choose the export location and view the restored files.

Protect your computer from ransomware

Most modern antiviruses can protect your PC from ransomware and crypto-trojans, but thousands of people still get infected. There are several programs that use a different approach to protect from ransomware and lockers. One of the best is HitmanPro.Alert with CryptoGuard. You may already know HitmanPro as a famous cloud-based anti-malware scanner. Check out the ultimate active protection software from SurfRight.

Download HitmanPro.Alert with CryptoGuard

Information provided by: Alexey Abalmasov
