Matroska Ransomware Removal Guide

Do you know what Matroska Ransomware is?

Matroska Ransomware, which is also known as HUSTONWEHAVEAPROBLEM Ransomware, is a computer infection that was discovered in late July of 2017. It is yet another Hidden-Tear-based ransomware set to encrypt many of the files on your PC and then demand that you pay money within a certain timeframe. However, be aware that its creators might not give you the decryption key, or the key might not work when you get it. In short, there are many things that can go wrong when paying the ransom. Furthermore, your files may not be worth the money that the criminals ask you to pay, so we suggest that you remove this malicious program using the guide below this article.

Before we go into the details regarding its functionality, we want to discuss its distribution methods, so that you can avoid encountering this ransomware in the first place. According to our cyber security specialists, this particular ransomware is disseminated using email spam. Emails are sent to random email addresses, and this ransomware’s main executable file is included as a file attachment that is disguised as a PDF or MS Word document; its file icon can also be changed to masquerade as one of the mentioned document types. If you open the attached file without downloading it first, then it will be placed in the %TEMP% folder. However, if you download it, then you can find it in the folder where all of your browser downloads go. Researchers have received unconfirmed information that Matroska Ransomware can also be distributed via an unsecured Remote Desktop Protocol (RDP) connection, which allows a user to connect to and control a computer remotely. If a password is present, then it can be cracked using a brute-force attack.

Once it has successfully infected your PC, Matroska Ransomware starts encrypting your files. It does not scrutinize which files to encrypt and encrypts most of them. Researchers say that this program targets documents, images, video and audio files, executables, file archives, and so on in an attempt to encrypt as many of your files as possible. It appends a .HUSTONWEHAVEAPROBLEM@KEEMAIL.ME extension to the encrypted files but does not change the original name of the files. Once the encryption is complete, it drops a ransom note called “HOW_TO_RECOVER_ENCRYPTED_FILES.txt” into each folder where files have been encrypted.

Matroska Ransomware generates a personal ID number that is included in the ransom note. The note claims that your files have been encrypted due to a security problem, which is untrue. The note says you have to send an email to the developers at HUSTONWEHAVEAPROBLEM@KEEMAIL.ME and include the personal ID number in the email. The price is to be paid in Bitcoins, and the sum to be paid depends on how fast you write to the cyber criminals. You only have 72 hours to pay the ransom because your decryption key will be deleted once the time runs out, and you will not be able to decrypt your files. It is also worth mentioning that there is no free decryption tool capable of decrypting it, so your choices are rather limited.

The cyber security industry has yet to come up with an answer to Matroska Ransomware and, thus, you cannot just get a free decryption tool and decrypt your files. You have to decide whether you want to risk paying the ransom for a decryption key that you may not get, or delete this ransomware and try to restore as many of your files as possible from external drives. We have included a manual removal guide that you can use, but if you cannot find the executable, then you can use SpyHunter to detect and delete it automatically.

How to delete this ransomware manually

  1. Press Win+E keys.
  2. In the File Explorer’s address box, enter the following file paths.
    • %USERPROFILE%\Downloads
    • %USERPROFILE%\Desktop
    • %TEMP%
  3. Identify the ransomware’s executable.
  4. Right-click it and click Delete.
  5. Then, go to %ALLUSERSPROFILE%\Start Menu\Programs\Startup
  6. Find HOW_TO_RECOVER_ENCRYPTED_FILES.txt and delete it.
  7. Finally, go to %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
  8. Find HOW_TO_RECOVER_ENCRYPTED_FILES.txt and delete it.
  9. Delete the ransom note from all other locations as well.
  10. Right-click the Recycle Bin icon and click Empty Recycle Bin.
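
The search part of the steps above can also be done from PowerShell. The script below is an added example, not part of the original guide: it only lists candidate executables, ransom notes and encrypted files in the locations the guide names and deletes nothing. The variable names and the 30-day look-back window are assumptions; adjust the window to the suspected infection date.

```powershell
# Read-only triage for the manual removal steps: lists files, deletes nothing.
$NoteName     = 'HOW_TO_RECOVER_ENCRYPTED_FILES.txt'   # ransom note name given in the guide
$EncryptedExt = '.HUSTONWEHAVEAPROBLEM@KEEMAIL.ME'     # appended extension given in the guide
$LookbackDays = 30                                     # assumption: not a value from the guide

# Folders named in steps 2, 5 and 7.
$DropFolders = @(
    (Join-Path $env:USERPROFILE 'Downloads'),
    (Join-Path $env:USERPROFILE 'Desktop'),
    $env:TEMP
)
$StartupFolders = @(
    (Join-Path $env:ALLUSERSPROFILE 'Start Menu\Programs\Startup'),
    (Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs\Startup')
)

# Step 3: recently written executables in the drop folders are the candidates to review.
$cutoff = (Get-Date).AddDays(-$LookbackDays)
$candidates = foreach ($dir in $DropFolders) {
    if (Test-Path -LiteralPath $dir) {
        Get-ChildItem -LiteralPath $dir -Filter '*.exe' -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.LastWriteTime -ge $cutoff }
    }
}

# Steps 6, 8 and 9: every copy of the ransom note in the profile and both Startup folders.
# %APPDATA% normally sits inside the profile, so duplicates are removed.
$roots = (@($env:USERPROFILE) + $StartupFolders) | Where-Object { Test-Path -LiteralPath $_ }
$notes = Get-ChildItem -LiteralPath $roots -Filter $NoteName -Recurse -File -Force -ErrorAction SilentlyContinue |
    Sort-Object FullName -Unique

# Scope of the damage: files carrying the appended extension, grouped by folder below.
$encrypted = Get-ChildItem -LiteralPath $env:USERPROFILE -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name.EndsWith($EncryptedExt, [System.StringComparison]::OrdinalIgnoreCase) }

'Candidate executables (review each one before deleting):'
$candidates | Select-Object FullName, LastWriteTime,
    @{ Name = 'SHA256'; Expression = { (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash } } |
    Format-List

"Ransom notes found: $(@($notes).Count)"
$notes | Select-Object -ExpandProperty FullName

"Encrypted files found: $(@($encrypted).Count)"
$encrypted | Group-Object DirectoryName | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize
```

The SHA256 value of a candidate executable can be looked up with an anti-malware vendor or scanning service before you delete the file.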

In non-techie terms:

Matroska Ransomware is a highly malicious computer infection that can infect your PC secretly via email or some other method and encrypt many of your valuable files in order to demand money for a decryption tool. There is no guarantee that you will get this key once you have paid, and the price for it can be too high as well. Therefore, we suggest that you not comply with the demands of the cyber criminals but remove this ransomware using the guide above or an anti-malware program.