What is Ransomware?
Ransomware is a type of malware that encrypts the victim's data and then demands payment to restore access. Typically, this kind of malware also shows a timer or countdown indicating how much time remains before the next round of files is encrypted. Payment is usually demanded in Bitcoin or another cryptocurrency because of its anonymity and the difficulty of tracing where the payments go.
How Does Ransomware Spread?
Ransomware is distributed via email attachments, DOCM files, and executable attachments disguised as video players or PDF files on gaming consoles. It can also be downloaded onto your system by visiting compromised websites that offer fake antivirus software.
How Does Matafaka Ransomware Work?
Matafaka Ransomware encrypts files on the infected machine, rendering them inaccessible. It then demands a ransom for restoring access to those files. Matafaka Ransomware has been observed demanding 0.748 BTC (approximately $3,300 USD) in exchange for decryption keys.
Matafaka Ransomware installs itself as a service called "taskmgr". Once installed, it creates a malicious process and loads an embedded copy of Locky ransomware, which is executed in safe mode without debuggers enabled. As soon as Locky has loaded, it terminates the malicious process and deletes its own copy on disk. Locky takes over from there and displays its ransom note with its payment site.
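The "taskmgr" service described above is a masquerading pattern: a service borrows the name of a well-known Windows binary but runs from a location where that binary never lives. The following Python is an added detection example, not code from the article or from any vendor: it parses a constructed list of installed services and flags any whose name matches a built-in Windows binary while its image path is outside the system directories. The lookalike-name list (beyond "taskmgr") and the sample records are assumptions made for the example.

```python
"""Flag services that mimic a built-in Windows binary name (e.g. "taskmgr")
but run from outside the system directories.  Added example; input is
constructed and not taken from a real host."""
import re
from dataclasses import dataclass

# Legitimate Windows binary names that malware commonly borrows for a
# service name.  "taskmgr" is from the article; the others are assumed.
LOOKALIKE_NAMES = {"taskmgr", "svchost", "explorer", "csrss", "lsass"}

# Directories a legitimate copy of these binaries is expected to live in.
TRUSTED_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

# Constructed sample: service name | image path | start type
SAMPLE_SERVICES = r"""
# name | image path | start type
Spooler | C:\Windows\System32\spoolsv.exe | auto
taskmgr | C:\Users\Public\taskmgr.exe | auto
svchost | C:\Windows\System32\svchost.exe -k netsvcs | auto
svchost | "C:\ProgramData\svchost.exe" /run | auto
"""


@dataclass
class ServiceRecord:
    name: str
    image_path: str
    start_type: str


def parse_service_log(text):
    """Parse 'name | image path | start type' lines; '#' lines are comments."""
    records = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, path, start = (f.strip() for f in line.split("|", 2))
        records.append(ServiceRecord(name, path, start))
    return records


def normalize_path(image_path):
    """Reduce an ImagePath to its lower-cased executable, dropping quotes
    and command-line arguments such as '-k netsvcs'."""
    p = image_path.strip().strip('"')
    m = re.match(r"(.*?\.exe)", p, re.IGNORECASE)
    return (m.group(1) if m else p).lower()


def is_suspicious(rec):
    """True when the service name matches a well-known Windows binary but
    the executable sits outside TRUSTED_DIRS."""
    if rec.name.lower() not in LOOKALIKE_NAMES:
        return False
    return not normalize_path(rec.image_path).startswith(TRUSTED_DIRS)


def find_suspicious(records):
    """Return the records worth an analyst's attention."""
    return [r for r in records if is_suspicious(r)]


if __name__ == "__main__":
    for rec in find_suspicious(parse_service_log(SAMPLE_SERVICES)):
        print(f"SUSPICIOUS service {rec.name!r} -> {rec.image_path}")
```

On a live host the records would come from the service control manager (for example the ImagePath values under each service's registry key) or from service-installation events in the System log; the matching logic stays the same.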
How to Protect My Computer From Ransomware
To protect your computer from ransomware, it is best to do the following:
- Update your Windows software and security definitions.
- Make sure you have working backups of all data. If an attack happens, you can restore the data from the backups.
- Use a reputable antivirus program.
- Educate employees about malware and ransomware. This will help them avoid opening malicious email attachments or links, or running programs that may contain malware.
- Ensure that employees are familiar with the different types of malware, such as ransomware like Matafaka, Trojans, and worms.
- Do not open attachments from unknown sources. Also, do not click links or attachments sent by unknown persons or sent via untrusted email clients such as Outlook, Eudora, Thunderbird, etc.
- Never download files that look suspicious. Most importantly, do not run executable files without checking them first.
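A backup only counts as "working" if a restore can be verified against what was originally protected. The following Python is an added example, not code from the article: it records a SHA-256 manifest of the protected files, then checks a restored copy against that manifest, reporting files that are missing and files whose contents no longer match (which is what an encrypted or corrupted restore looks like). The directories, file names and contents are constructed inside a temporary directory for the demonstration.

```python
"""Build a SHA-256 manifest of protected files and verify a restore against
it.  Added example; the sample files are constructed in a temp directory."""
import hashlib
import os
import shutil
import tempfile
from pathlib import Path


def sha256_file(path, chunk=1 << 16):
    """Stream a file through SHA-256 so large backups do not need to fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Map each file's path (relative to root, '/'-separated) to its digest."""
    root = Path(root)
    return {
        str(p.relative_to(root)).replace(os.sep, "/"): sha256_file(p)
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def verify_restore(root, manifest):
    """Compare a restored tree against the manifest.
    Returns (missing, mismatched): files absent from the restore, and files
    present whose contents differ from the recorded digest."""
    root = Path(root)
    missing, mismatched = [], []
    for rel, digest in manifest.items():
        p = root / rel
        if not p.is_file():
            missing.append(rel)
        elif sha256_file(p) != digest:
            mismatched.append(rel)
    return missing, mismatched


def demo():
    """Constructed scenario: back up two files, restore them, verify the clean
    restore, then overwrite one file and delete another and re-verify."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "data"
        (src / "docs").mkdir(parents=True)
        (src / "docs" / "report.txt").write_text("quarterly numbers\n")
        (src / "notes.txt").write_text("meeting notes\n")
        manifest = build_manifest(src)

        restored = Path(tmp) / "restored"
        shutil.copytree(src, restored)
        clean = verify_restore(restored, manifest)

        # Simulate what an encrypted-in-place file and a lost file look like.
        (restored / "notes.txt").write_bytes(os.urandom(32))
        (restored / "docs" / "report.txt").unlink()
        tampered = verify_restore(restored, manifest)
        return clean, tampered


if __name__ == "__main__":
    clean, tampered = demo()
    print("clean restore  -> missing:", clean[0], "mismatched:", clean[1])
    print("tampered restore -> missing:", tampered[0], "mismatched:", tampered[1])
```

The manifest should be stored somewhere the ransomware cannot reach (offline or on write-once media); a manifest that sits beside the backup and gets encrypted with it verifies nothing.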