MALWARE-CNC Win.Ransomware.Matrix outbound connection
This event is generated when Matrix ransomware begins host infection.
A Matrix ransomware Trojan was detected.
Matrix beacons limited information about the infected host, including the computer name and the current user account name. At this time Matrix is being distributed by brute-forcing Remote Desktop passwords.
Ease of attack
Restore from known-good backup media, and protect public-facing remote desktop interfaces with strong passwords and, ideally, a VPN.
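Because distribution relies on brute-forced Remote Desktop passwords, the host-side check below complements the network rule; it is an added example, not part of the rule documentation or Talos code. It assumes Windows Security logon events have already been exported into tuples, and the sample records, threshold and window are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real logs):
# (timestamp, Security event ID, logon type, source IP, target account)
SAMPLE_EVENTS = [
    (f"2024-01-01T03:00:{s:02d}", 4625, 10, "203.0.113.7", "administrator")
    for s in range(1, 22, 4)          # six failed RDP logons in 20 seconds
] + [
    ("2024-01-01T03:00:40", 4624, 10, "203.0.113.7", "administrator"),
    ("2024-01-01T08:00:00", 4625, 2, "-", "alice"),   # console logon, ignored
    ("2024-01-01T09:00:00", 4625, 10, "198.51.100.20", "bob"),
    ("2024-01-01T09:00:10", 4625, 10, "198.51.100.20", "bob"),
    ("2024-01-01T09:00:20", 4624, 10, "198.51.100.20", "bob"),  # user typo
]

# 4625 = failed logon, 4624 = successful logon.
# Logon type 10 = RemoteInteractive (RDP); type 3 = Network, which is what
# failed RDP attempts are logged as when Network Level Authentication is on.
REMOTE_LOGON_TYPES = {3, 10}


def find_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Flag source IPs with >= threshold failed remote logons inside `window`.

    Returns {ip: {"failures": n, "logons_after_burst": [accounts]}}. A
    non-empty account list means a guess probably succeeded, so that host
    should be triaged for ransomware activity first.
    """
    failures = defaultdict(list)
    findings = {}
    for ts, event_id, logon_type, ip, account in sorted(events):
        if logon_type not in REMOTE_LOGON_TYPES:
            continue
        when = datetime.fromisoformat(ts)
        if event_id == 4625:
            # Keep only failures still inside the sliding window.
            failures[ip] = [t for t in failures[ip] if when - t <= window] + [when]
            if len(failures[ip]) >= threshold:
                hit = findings.setdefault(ip, {"failures": 0, "logons_after_burst": []})
                hit["failures"] = max(hit["failures"], len(failures[ip]))
        elif event_id == 4624 and ip in findings:
            if account not in findings[ip]["logons_after_burst"]:
                findings[ip]["logons_after_burst"].append(account)
    return findings


if __name__ == "__main__":
    for ip, detail in find_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(ip, detail)
```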
- Cisco's Talos Intelligence Group - Malware Research Team