Matrix-EMAN Ransomware Removal Guide

Unprotected systems are the prime target of Matrix-EMAN Ransomware, a malicious file-encryptor that can spread via spam emails (their attachments, to be more precise), malicious downloaders, and unprotected remote access to the system. Just like the majority of file-encryptors, this infection specifically targets Windows operating systems, and so if you use one, and it is not protected reliably, you have something to worry about. In fact, you have lots to worry about because there are hundreds of unique file-encryptors that could try to invade your system. A few of them are Matrix-NEWRAR Ransomware and Matrix Ransomware. As you can tell by their names, they are associated with the infection discussed in this report. In fact, Matrix-EMAN and Matrix-NEWRAR are variants of Matrix Ransomware. Needless to say, they all require removal, but we focus on deleting Matrix-EMAN Ransomware in this report. A guide you can find below was created to help you eliminate the infection manually, but that is not the only option you should consider.

Once Matrix-EMAN Ransomware is executed on your operating system, it does a few malicious things. For one, it searches for a local IP address with file-sharing enabled via LAN. If the connection is successful, the infection can infect machines on the same network. Furthermore, it checks for available local drives, which could allow it to infect USB drives. The malicious threat can also send information about your computer, including some sensitive information about you, to a remote server. Matrix-EMAN Ransomware can download other files too. This is what makes this threat more dangerous than most other file-encryptors. When it comes to the encryption of files, it appears to use a combination of AES and RSA keys. The encrypted files are also renamed, and their names look like this: [EncodeMan@qq.com].{random characters}.EMAN. You cannot restore files by renaming them or even by removing Matrix-EMAN Ransomware. What about backups? If you rely on your system’s backup, you might be disappointed to learn that the infection deletes Shadow Volume Copies. If you have copies of your files stored on external drives or cloud storage, you are in a perfect situation because your files are not lost!

You might realize that you need to remove Matrix-EMAN Ransomware from your operating system after you find your files renamed and unreadable. Or you could recognize the existence of the infection when you face a new wallpaper image and a ransom note. The wallpaper image is a BMP file with a random name created in the %APPDATA% directory. This image displays red text in black background, and the text is a message that informs about the encryption of files. It also presents three email addresses (EncodeMan@qq.com, EncodeMan@protonmail.com, and EncodeMan@tutanota.com). It is suggested that you should send an email to learn how to decrypt files. The BMP file also points to a file named “#README_EMAN#.rtf.” This file should be created in every folder where files are encrypted, and so you shouldn’t need to look for it far. This message lists the same email addresses, but it also offers to communicate with cyber criminals using Bitmessage. The ransom note also informs that the decryption key you need would be removed in 7 days, and that is meant to make you act faster. Unfortunately, whether you contact cyber criminals and follow the instructions to pay a ransom for the decryptor on the first day or the seventh day, it is unlikely that you will get your hands on the decryptor.

There are quite a few components that you need to eliminate to remove Matrix-EMAN Ransomware fully and completely. Most important components are the launcher and its copy. Needless to say, if you delete one but not the other, the malicious infection will continue being a threat to you. This is why you need to be extremely cautious if you decide to clean your operating system manually. Luckily, that is not your only option. Our research team suggests installing anti-malware software instead. Of course, it has to be legitimate and trustworthy; otherwise, you could create more problems for yourself. The right anti-malware software will delete Matrix-EMAN Ransomware automatically, and it will also strengthen the protection of the operating system overall to ensure that malware cannot invade it again. Hopefully, you can recover your files from backup, but if that is not an option, take this as a lesson that your files need to be protected appropriately if you want them safe.

How to delete Matrix-EMAN Ransomware

1. Delete all copies of the file named #README_EMAN#.rtf.
2. On the Desktop, Delete these malicious ransomware components: [unknown].bat, two [unknown].txt files, [unknown].exe.
3. Delete the [unknown].exe file that launched the infection (the location is unknown).
4. Go to %APPDATA% (tap Win+E to access Explorer and enter the path into the box at the top to access the directory).
5. Delete the [unknown].bmp file that represents the wallpaper image.
6. Empty Recycle Bin and then immediately scan your operating system using a legitimate malware scanner.