Sid 1-46339

Message

MALWARE-CNC Win.Ransomware.Matrix outbound connection

Summary

This event is generated when Matrix ransomware begins host infection.

Impact

A Matrix ransomware Trojan was detected.

Detailed information

Matrix beacons out with a limited set of information about the infected host, including the computer name and the current user account name. At this time, Matrix is being distributed by brute-forcing Remote Desktop passwords.

Affected systems

  • Windows

Ease of attack

N/A

False positives

N/A

False negatives

N/A

Corrective action

Restore from known-good backup media, and protect public-facing Remote Desktop interfaces with strong passwords and, ideally, a VPN.

Contributors

  • Cisco's Talos Intelligence Group - Malware Research Team

Additional References

  • www.virustotal.com/#/file/996ea85f12a17e8267dcc32eae9ad20cff44115182e707153006162711fbe3c9/detection