Matrix and Emotet: What You Need to Know About These Two Types of Cyber Attacks
When people talk about cyber attacks, they’re often talking about widespread, common threats like phishing attacks deployed by low-skilled criminals. We’ve grown used to the idea of throngs of opportunistic cybercriminals sending out high-volume attacks, like email flooding, hoping that some might take root and score them a quick buck.
But as tools have been put in place to block those attacks, cybercriminals have evolved in turn. Targeted ransomware attacks are on the rise, with higher skilled cybercriminals carefully selecting targets to hack manually. And other malware attacks have grown more and more sophisticated, to keep evading security tools.
Recent threats like Matrix and Emotet demonstrate the various ways that cybercriminals have changed their tactics to stay effective and profitable in today’s marketplace. We’ll dig into what makes Matrix and Emotet unique and so dangerous, and what enterprises should be doing to protect against these and other similar threats.
Matrix: the niche targeted ransomware
With many advanced cyber threats, usually “who you are” is what makes you a target. With targeted ransomware like Matrix, though, the “what” is what makes you a target. Cybercriminals are looking for a vulnerability – things like unpatched web servers or an exposed Remote Desktop Protocol (RDP) host – and if you have one, you’re a target.
Targeted ransomware takes advantage of exposed or vulnerable hosts on the internet to manually, deliberately hack into a system and deliver ransomware. What sets targeted ransomware apart from other threats is that it’s manually implemented – there’s a human making decisions and adapting to roadblocks along the way.
Attackers using Matrix, a niche targeted ransomware, are known to infiltrate a company’s network by brute forcing their way into exposed RDP hosts. Once inside the network, attackers will escalate their privileges to become an administrator or domain administrator, and use any number of techniques to deploy the ransomware, demanding ransoms around $3,500.
The unfortunate truth is that many organizations still permit Windows computers with weak passwords to be exposed to the internet, creating a massive opportunity for targeted ransomware groups to exploit. That’s how Matrix has been able to cause damage and mayhem recently – by attacking that low-hanging RDP fruit.
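One way a defender can spot the brute-force entry point described above is to watch failed RDP logons per source address and raise a higher-severity alert when a source that has been hammering the host then succeeds. This is an added example, not code from the original article or any vendor; it assumes a constructed, simplified log layout (timestamp, event ID, logon type, source IP, user) standing in for Windows Security events 4625 and 4624.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a simplified layout standing in for Windows Security
# events 4625 (failed logon) and 4624 (successful logon). Logon type 10 is
# RemoteInteractive, i.e. RDP. Field order (assumed): ts event_id logon_type src_ip user
SAMPLE_LOG = """\
2019-03-01T02:00:01 4625 10 203.0.113.7 administrator
2019-03-01T02:00:03 4625 10 203.0.113.7 admin
2019-03-01T02:00:05 4625 10 203.0.113.7 backup
2019-03-01T02:00:07 4625 10 203.0.113.7 administrator
2019-03-01T02:00:09 4625 10 203.0.113.7 sqlsvc
2019-03-01T02:00:11 4625 10 203.0.113.7 administrator
2019-03-01T02:00:30 4624 10 203.0.113.7 administrator
2019-03-01T09:15:00 4625 10 198.51.100.4 jsmith
2019-03-01T09:15:20 4624 10 198.51.100.4 jsmith
"""

LINE_RE = re.compile(r"^(\S+) (4625|4624) (\d+) (\S+) (\S+)$")

def detect_rdp_brute_force(log_text, threshold=5, window=timedelta(minutes=5)):
    """Alert once per source IP reaching `threshold` failed RDP logons inside `window`,
    and again (higher severity) if that same source then logs on successfully."""
    failures = defaultdict(deque)   # src_ip -> timestamps of recent 4625 events
    flagged = set()
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(3) != "10":   # only RemoteInteractive (RDP) logons
            continue
        ts = datetime.fromisoformat(m.group(1))
        event, src, user = m.group(2), m.group(4), m.group(5)
        recent = failures[src]
        while recent and ts - recent[0] > window:   # drop failures outside the window
            recent.popleft()
        if event == "4625":
            recent.append(ts)
            if len(recent) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("rdp_brute_force", src, ts.isoformat()))
        elif event == "4624" and src in flagged:
            alerts.append(("rdp_brute_force_success", src, user))
    return alerts

if __name__ == "__main__":
    for alert in detect_rdp_brute_force(SAMPLE_LOG):
        print(alert)
```

The "success after brute force" alert is the one worth paging on: it marks the point at which an exposed host has become the foothold the Matrix operators need.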
Emotet: the shape-shifter
Compared to Matrix, Emotet is more of the opportunistic type of threat we’re used to seeing. This network worm is typically sent out with a “spray and pray” mentality, where cybercriminals send out large volumes of attacks and hope to infect as many people as possible. That’s vastly different from the slow, deliberate, manual approach that targeted ransomware takes.
Emotet is a great example of how a threat can evolve in order to stay relevant and maintain a revenue stream.
Since 2014, Emotet has evolved from primarily being a credential stealer and banking Trojan into a modular, polymorphic platform for distributing other kinds of malware. The worm has three main goals: spread onto as many machines as possible, send malicious emails to infect other organizations, and download a malware payload.
It’s also incredibly dangerous. The US Department of Homeland Security considers it one of the most costly and destructive threats to businesses today.
What makes Emotet so dangerous compared to many of the other opportunistic threats is its ability to change shape and spread without the aid of a user. That means that once it infects one computer in an organization, it can quickly spread across the entire network. And as it’s cleaned up, it has the ability to morph and re-infect the same machines.
To make matters worse, Emotet often also tries to turn a malware infection into a data breach by stealing email addresses, web histories, or even usernames and passwords. And we’ve also seen targeted ransomware like BitPaymer use Emotet as a delivery mechanism.
How can enterprises defend themselves?
Sophisticated threats like Emotet and Matrix can be utterly devastating to infected organizations. Once a cybercriminal gains control over the network, there’s no limit to the damage they can inflict. The most important thing organizations can do to reduce the likelihood of becoming a target is build a strong security foundation to protect against all manner of attacks.
Think of it this way: Imagine a thief walking down the street at night in your neighborhood trying to open car doors. If a car door is locked, they’ll move on. But if they find one that’s unlocked, they’ll open the door and steal all the contents of the car. That’s what’s happening with these attacks. Enterprises need to be doing everything they can to lock the door, so to speak, and that starts with security fundamentals.
Patch your systems, especially those exposed to the internet. Take RDP machines and put them behind a VPN with two-factor authentication.
Beyond that, make sure you’re using all the best security tools at your disposal, like exploit prevention tools that provide protection from endpoint to firewall. Innovative technology like deep learning can help protect against a polymorphic threat like Emotet, with the ability to recognize and block new variants.
Here’s the bottom line: If your enterprise is connected to the internet, the risks may be both broader and deeper than you realize. It’s time to invest in innovative security software that’s easy and intuitive to use.