Matrix-NEWRAR Ransomware Removal Guide

Threat Level:
9/10
Rate this Article:
Comments (0)
Article Views: 249
Category: Trojans

A new malicious application – Matrix-NEWRAR Ransomware – has been discovered by our experienced malware researchers. Research has revealed that it is not exactly a completely new infection. It is just a new version of Matrix Ransomware instead. It is no doubt as harmful as its predecessor, we can assure you that. You will see this for yourself if you ever encounter this malicious application – it will lock files on your computer. It claims that it locks files using AES-128 and RSA-2048 encryption algorithms, and it is very likely that it is true. Unfortunately, it means that it will be extremely difficult, or even impossible, to unlock files without the special decryptor. Cyber criminals have this tool in their hands, and, most likely, you will be offered to purchase it from them. Make sure you do not send a cent to cyber criminals even if it turns out to be the only way to unlock files because, first of all, you do not even know whether you will get it and, second, you will encourage cyber criminals to release more threats. Without a doubt, you can encounter these new infections yourself one day. No matter what your final decision is, you must erase Matrix-NEWRAR Ransomware fully so that it could not cause you more trouble.

Ransomware infections act similarly, i.e. they encrypt files on affected computers or lock screens with the intention of obtaining money from users. Matrix-NEWRAR Ransomware is no exception. Even though it tries to slither onto computers secretly, it is impossible not to notice that it has entered the system successfully because it locks files and adds the extension [newrar@tuta.io].[8 random characters]-[8 random characters].NEWRAR, for example, [newrar@tuta.io].w1dY0vpV-wfyMwvWw.NEWRAR to all affected files. You will also find several new files on your computer after its successful entrance. The ransomware infection drops the ransom note  #NEWRAR_README#.rtf in all affected folders and a .bmp image to %APPDATA%. The latter file will have a random name, as research has shown. The file has a message for users. First of all, you will get an apology for encrypted files. Second, victims are told that there is a way to unlock encrypted files. To do so, you need to have both a decryption key and decryptor. If you want them, you must contact cyber criminals – send a message with a unique ID to all three listed emails. Cyber criminals promise to unlock 3 encrypted files for free to “demonstrate that we can recover your files,” but we do not think that it is worth paying for the decryptor. We are sure it will not be cheap, and you have zero guarantees that you will get that tool. If you have a completely different opinion about purchasing the decryptor and decide to take the risk, you should transfer money within 7 days because the key will be deleted from cyber criminals’ servers after 7 days. The ransomware infection also deletes Shadow Volume Copies of those affected files. Consequently, the only way to fix encrypted files for free is to retrieve them all from a backup.

As research has shown, Matrix-NEWRAR Ransomware usually affects machines on the network. Once executed, it searches for local IP addresses with an enabled file sharing feature. If the connection to IP is successful, it affects the machine on the network and then immediately starts performing its malicious activities, i.e. encrypting personal files. Ransomware infections are considered to be sophisticated malicious software, so it might not be easy to prevent it from affecting the machine and causing damage in all the cases. Luckily, it is possible to protect the system from all kinds of threats automatically, i.e. using an automated antimalware scanner. The sooner you install it, the sooner you could surf the Internet fearlessly.

You should delete Matrix-NEWRAR Ransomware from the system as soon as possible. You can delete it either manually or automatically. If you choose the manual method, you will have to erase the malicious file launched and files dropped by the ransomware infection (#NEWRAR_README#.rtf and {random name}.bmp). You can clean the system with an antimalware scanner instead. Needless to say, you will first have to acquire a reputable scanner if you decide to adopt the latter removal method.

Delete Matrix-NEWRAR Ransomware

  1. Open Windows Explorer (tap Win+E).
  2. Go to %USERPROFILE%\Downloads and remove all recently downloaded files.
  3. Remove #NEWRAR_README#.rtf from all affected directories.
  4. Access %APPDATA%.
  5. Delete {random name}.bmp.
  6. Empty Recycle Bin.
Download Remover for Matrix-NEWRAR Ransomware *
*SpyHunter scanner, published on this site, is intended to be used only as a detection tool. To use the removal functionality, you will need to purchase the full version of SpyHunter.

Matrix-NEWRAR Ransomware Screenshots:

Matrix-NEWRAR Ransomware
Matrix-NEWRAR Ransomware
Matrix-NEWRAR Ransomware

Matrix-NEWRAR Ransomware technical info for manual removal:

Files Modified/Created on the system:

# File Name File Size (Bytes) File Hash
1#NEWRAR_README#.rtf8688 bytesMD5: b1b553deafb1c685dc3b9b76ea2c6ff4
2NWyFM2cL.exe4516352 bytesMD5: 66c7ca7b642a531ea1f9bf611ef8f42b

Memory Processes Created:

# Process Name Process Filename Main module size
1NWyFM2cL.exeNWyFM2cL.exe4516352 bytes

Comments are closed.