Remove MATU Ransomware Virus (DECRYPT .matu FILES)

MATU ransomware seeks to lock your personal files with strong encryption

MATU is a ransomware-type computer virus that targets data stored on Windows systems. It usually infects computers disguised as a software crack or another illegal download, and once it does, it starts encrypting every file stored on the system. It is a recognized variant of STOP/DJVU ransomware that appends the .matu extension to encrypted files. To illustrate this process, say you had files named 1.jpg and 2.mp4 prior to the attack. After being encrypted, they will appear as 1.jpg.matu and 2.mp4.matu, and you will find that there is no way to open them. This ransomware is also known to be distributed alongside information-stealing Trojans such as VIDAR, Azorult and RedLine.

The whole point of encrypting files is to demand a ransom from the computer user, so the MATU ransomware creates and saves a copy of a ransom note in multiple locations on the computer. This note is a text file called _readme.txt and it includes a short message from the criminals, contact information and the decryption tool pricing conditions.

Overview of ransom note contents

The ransom note explains what happened during the ransomware attack, and that all of the victim's files have been encrypted. For those unfamiliar with what encryption means, it is a technique for securing information so that it cannot be read by unauthorized parties. Therefore, in order to access encrypted files, one has to have the decryption key (also called the private key) to unlock the content stored in the files. While encryption is typically used to protect military-grade secrets and sensitive information such as passwords and online banking data, the cybercriminals put it to bad use.

The note provides two email addresses that belong to the cybercriminals – [email protected] and [email protected]. The victim is asked to write an email and attach one encrypted file (one that does not hold valuable information) as well as the personal ID provided in the _readme.txt file. The criminals state that they will send back a decrypted version of the file to prove their ability to decrypt .matu files.

On top of that, the note contains the cybercriminals' conditions on the decryption tool price. According to the crooks, victims who reach out to them within 72 hours (3 days) will get a 50% discount on the ransom, which means the data recovery procedure would cost $490 instead of the initial amount, which is $980.

Law enforcement agencies like the FBI do not recommend paying a ransom. Paying never guarantees data recovery; besides, it fuels the ransomware cycle, which means the criminals will infect more victims now that they have more money to employ more people in their illegal business.

If you have detected this threat on your Windows computer, we strongly recommend that you remove MATU ransomware virus using a professional antivirus only. Attempts to delete malicious files, settings and other helper objects manually can be unsuccessful, so we suggest that you follow the guidelines provided below the article and prepare your computer for a safe virus removal first.

If you're not sure which AV solution to use, you may want to try INTEGO Antivirus, which is praised by our experts. Additionally, you can download RESTORO to repair damaged Windows OS files.

Ransomware Summary

Name: MATU Ransomware Virus
Type: Ransomware; Crypto-malware; Digital Extortion Virus
Family: STOP/DJVU
Encryption type: RSA 2048 + Salsa20
Previous versions: MATU, TCBU, UYRO, ZATP, UYIT, MBTF, MPPN (find full list here)
Version: 616th
Extension: .matu
Cybercriminal emails: [email protected] and [email protected]
Additional malware dropped: Azorult or Vidar Trojan
Damage: The ransomware uses encryption to maliciously modify all files on the PC and marks their original names with the .matu extension. Ransom notes called _readme.txt are dropped in every folder on the computer. This piece of malware usually drags VIDAR Stealer along with it and also removes VSS (Volume Shadow Copies) from the system. On top of that, it tends to modify the Windows HOSTS file to restrict the computer user's access to cybersecurity-related websites.
Ransom note: _readme.txt
Ransom demand: $490-$980 in Bitcoin
Distribution: Victims often download this ransomware along with illegal torrent downloads, cracked software, activators, key generators or tools like KMSPico.
Known software cracks to contain this malware: Corel Draw, Tenorshare 4ukey, Adobe Photoshop, Cubase, Adobe Illustrator, Internet Download Manager, Tally, League of Legends.
Detection names: Trojan:Win32/Azorult.FW!MTB (Microsoft), Gen:Heur.Mint.Zard.52 (B) (Emsisoft), HEUR:Trojan.Win32.Scarsi.gen (Kaspersky), Gen:Heur.Mint.Zard.52 (BitDefender), Trojan.MalPack.GS (Malwarebytes), ML.Attribute.HighConfidence (Symantec); see all detection name variations on VirusTotal
Removal: Remove ransomware and related malware from your PC using trustworthy software like INTEGO Antivirus. To repair virus damage to Windows OS files, download and try RESTORO (secure download link).

Learn how ransomware spreads

Ransomware-type computer viruses are mostly spread through illegal online content that can be downloaded either via direct link or torrents (using Peer-2-Peer software). The majority of STOP/DJVU variants, including MATU virus, are reportedly hidden on rogue sites promoting fake software cracks for popular software.

For example, if you tend to avoid paying for legitimate software, your chances of running into file-encrypting malware are high. Checking such downloads for malware is left to the user, and even those attempts can be unsuccessful. Therefore, we would like to repeat that the only safe way to obtain software is through official and verified sources. We also recommend reading this article about rogue websites pushing malicious software cracks.

Another technique cybercriminals love to use for pushing malware is malicious email spam. The criminals attach deceptive email attachments and name them as invoices, waybills, parcel tracking details or order summaries only to convince the target to open them. If the user fails to identify the scam and launches the file, the malicious script in it will download the malware from an external resource and run it on the user's computer. For this reason, users should ignore all emails that come from unsolicited senders or seem at least slightly suspicious.

Finally, the criminals also try to hunt for victims by uploading fake ransomware decryption tools online, so be careful and only trust reputable websites for your downloads. Otherwise, an attempt to recover your files can drag even more malware onto the system.

Remove MATU Ransomware Virus and Recover Files

The easiest way to remove MATU ransomware virus is explained in the guide provided below. What you will need to do is boot your computer in Safe Mode with Networking first, and then run an up-to-date antivirus solution. If you're unsure which one to use, our team strongly recommends using INTEGO Antivirus.

After removing MATU virus, consider downloading RESTORO (secure download link) to repair virus damage caused to Windows OS files. Viruses like STOP/DJVU often modify system files to persist on the system, or to block the user's access to specific websites, so such tools help to reverse the damage.

We also strongly recommend that you change all of the passwords used on the compromised computer as soon as the malware is gone.


MATU Ransomware Virus Removal Guidelines

Method 1. Enter Safe Mode with Networking

Step 1. Start Windows in Safe Mode with Networking

Before you try to remove MATU Ransomware Virus, you must start your computer in Safe Mode with Networking. Below, we provide the easiest ways to boot the PC in this mode, but you can find additional ones in this in-depth tutorial on our website – How to Start Windows in Safe Mode. Also, if you prefer a video version of the tutorial, check our guide How to Start Windows in Safe Mode on Youtube.

Instructions for Windows XP/Vista/7 users

  1. First of all, turn off your PC. Then press the Power button to start it again and immediately start pressing the F8 key on your keyboard repeatedly in 1-second intervals. This launches the Advanced Boot Options menu.
  2. Use the arrow keys on the keyboard to navigate down to the Safe Mode with Networking option and press Enter.

Instructions for Windows 8/8.1/10/11 users

  1. Open the Windows Start menu, then click the Power button. On your keyboard, press and hold the Shift key, and then select the Restart option.
  2. This will take you to the Windows Troubleshoot screen. Choose Troubleshoot > Advanced Options > Startup Settings > Restart. Tip: If you can't find Startup Settings, click See more recovery options.
  3. In Startup Settings, press the right key between F1-F9 to enter Safe Mode with Networking. In this case, it's the F5 key.

Step 2. Remove files associated with the virus

Now, you can search for and remove MATU Ransomware Virus files. It is very hard to identify the files and registry keys that belong to the ransomware virus. Besides, malware creators tend to rename and change them repeatedly. Therefore, the easiest way to uninstall this type of computer virus is to use a reliable security program such as INTEGO Antivirus. For virus damage repair, consider using RESTORO.

Method 2. Use System Restore

In order to use System Restore, you must have a system restore point, created either manually or automatically.

Step 1. Boot Windows in Safe Mode with Command Prompt

Instructions for Windows XP/Vista/7 users

  1. Shut down your PC. Start it again by pressing the Power button and immediately start pressing the F8 key on your keyboard repeatedly in 1-second intervals. You will see the Advanced Boot Options menu.
  2. Using the arrow keys on the keyboard, navigate down to the Safe Mode with Command Prompt option and press Enter.

Instructions for Windows 8/8.1/10/11 users

  1. Launch the Windows Start menu, then click the Power button. On your keyboard, press and hold the Shift key, and then choose the Restart option with the mouse cursor.
  2. This will take you to the Windows Troubleshoot screen. Choose Troubleshoot > Advanced Options > Startup Settings > Restart. Tip: If you can't find Startup Settings, click See more recovery options.
  3. In Startup Settings, press the right key between F1-F9 to enter Safe Mode with Command Prompt. In this case, press the F6 key.

Step 2. Start System Restore process

  1. Wait until the system loads and the command prompt shows up.
  2. Type cd restore and press Enter, then type rstrui.exe and press Enter. Or you can just type %systemroot%\system32\restore\rstrui.exe in the command prompt and hit Enter.
  3. This launches the System Restore window. Click Next and then choose a System Restore point created in the past. Choose one that was created before the ransomware infection.
  4. Click Yes to begin the system restoration process.

After restoring the system, we recommend scanning the system with antivirus or anti-malware software. In most cases, there won't be any malware remains, but it never hurts to double-check. In addition, we highly recommend checking the ransomware prevention guidelines provided by our experts in order to protect your PC against similar viruses in the future.

Decrypt MATU files

Fix and open large MATU files easily:

It is reported that STOP/DJVU ransomware versions encrypt only the first 150 KB of each file to ensure that the virus manages to affect all files on the system. In some cases, the malware might skip some files entirely. That said, we recommend trying this method on several big (>1GB) files first.

  1. Create a copy of the encrypted file in a separate folder using Copy > Paste commands.
  2. Now, right-click the created copy and choose Rename. Select the MATU extension and delete it. Press Enter to save changes.
  3. In the prompt asking whether you want to make the changes as the file might become unusable, click OK.
  4. Try opening the file.

STOP/DJVU decryption tool usage guide

STOP/DJVU ransomware versions are grouped into old and new variants. MATU Ransomware Virus is considered a new STOP/DJVU variant, just like MATU, TCBU, UYRO, ZATP, UYIT, MBTF, MPPN (find full list here). This means full data decryption is now possible only if you have been affected by an offline encryption key. To decrypt your files, you will have to download Emsisoft Decryptor for STOP DJVU, a tool created and maintained by a genius security researcher, Michael Gillespie.

Note! Please do not spam the security researcher with questions about whether he can recover your files encrypted with an online key – it is not possible.

In order to test the tool and see if it can decrypt MATU files, follow the given tutorial.

  1. Download the decryption tool from Emsisoft.
  2. Click the little arrow next to your download and choose Show in Folder.
  3. Now, right-click the file and choose Run as Administrator. If asked, enter the administrator's password.
  4. In the UAC window, click Yes.
  5. Click Yes to agree to the software terms in both windows.
  6. The tool will automatically include the C:\ drive as a location to decrypt. The file recovery tool will prepopulate the locations to scan, including connected data storage drives or network drives. Click Add folder if you wish to add additional locations.
    In the Options tab, you can choose to keep encrypted file copies. We recommend leaving this option selected, especially if you do not know if the decryption tool will work.
  7. Click Decrypt to start restoring MATU files. You will see the progress in the Results tab. Here, you can see messages from the tool, such as whether the decryption procedure is successful, or you need to wait for an update.
    You might also be informed that an online key was used to encrypt your files. In such a case, the decryption tool won't work for you, and the only way to recover your files is to use a data backup.

Meanings of decryptor's messages

The MATU decryption tool might display several different messages after a failed attempt to restore your files. You might receive one of the following messages:

Error: Unable to decrypt file with ID: [example ID]

This message typically means that there is no corresponding decryption key in the decryptor's database.

No key for New Variant online ID: [example ID]
Notice: this ID appears to be an online ID, decryption is impossible

This message informs you that your files were encrypted with an online key, meaning no one else has the same encryption/decryption key pair, therefore data recovery without paying the criminals is impossible.

Result: No key for new variant offline ID: [example ID]
This ID appears to be an offline ID. Decryption may be possible in the future.

If you were informed that an offline key was used, but files could not be restored, it means that the offline decryption key isn't available yet. However, receiving this message is extremely good news, meaning that it might be possible to restore your MATU extension files in the future. It can take a few months until the decryption key gets found and uploaded to the decryptor. We recommend that you follow updates regarding the decryptable DJVU versions here. We strongly recommend backing up your encrypted files and waiting.

Report Internet crime to legal departments

Victims of MATU Ransomware Virus should report the Internet crime incident to the official government fraud and scam website according to their country:

If you can't find an authority corresponding to your location on this list, we recommend using any search engine to look up “[your country name] report cyber crime”. This should lead you to the right authority website. We also recommend staying away from third-party crime report services that are often paid. It costs nothing to report Internet crime to official authorities.

Another recommendation is to contact your country's or region's federal police or communications authority.

Frequently Asked Questions

✓ How can I open .MATU files?

You can only open MATU files if you have the decryption key, or if you were affected by the offline encryption type.

✓ How do I know if my files were encrypted with offline or online encryption?

To determine whether you were affected by offline encryption, please go to C:/SystemID/PersonalID.txt and see if the string inside it ends in t1. You can also try using Emsisoft Decryptor for STOP/DJVU.
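An added example (not from the original article or from Emsisoft) that automates two manual checks this guide describes: whether each ID in PersonalID.txt ends in t1, and whether the HOSTS file maps outside hostnames to a loopback or unspecified address. The sample IDs and hosts lines are constructed, the hosts path assumes the default Windows layout, and a legitimate ad-blocking hosts file will be flagged too.

```python
import ipaddress
import os

# The first path is the one named in this FAQ; the second is the standard
# Windows hosts file location (assumption: default %SystemRoot% layout).
PERSONAL_ID_PATH = r"C:\SystemID\PersonalID.txt"
HOSTS_PATH = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                          "System32", "drivers", "etc", "hosts")

# Names that normally map to loopback in an unmodified hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost",
               "ip6-loopback", "broadcasthost"}

# Constructed sample inputs (not real victim IDs or real blocked sites).
SAMPLE_IDS = "\ufeffCONSTRUCTED-SAMPLE-ID-AAAAt1\nCONSTRUCTED-SAMPLE-ID-BBBB\n\n"
SAMPLE_HOSTS = "\n".join([
    "# constructed sample hosts file",
    "127.0.0.1   localhost",
    "::1         localhost",
    "127.0.0.1   av-vendor.example",
    "0.0.0.0     security-forum.example www.security-forum.example  # added",
    "192.0.2.10  intranet.example",
])


def classify_personal_ids(text):
    """Map each ID (one per non-empty line) to 'offline' or 'online'.

    Per the FAQ above, an ID that ends in 't1' indicates an offline key.
    """
    result = {}
    for line in text.splitlines():
        pid = line.replace("\ufeff", "").strip()  # drop BOM and whitespace
        if pid:
            result[pid] = "offline" if pid.endswith("t1") else "online"
    return result


def sinkholed_hosts(text):
    """Return (line_no, address, hostname) for every hosts entry that points
    a non-local hostname at a loopback or unspecified address."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()  # strip comment, split fields
        if len(entry) < 2:
            continue
        try:
            addr = ipaddress.ip_address(entry[0])
        except ValueError:
            continue  # not an address: malformed line, skip it
        if not (addr.is_loopback or addr.is_unspecified):
            continue
        for name in entry[1:]:
            if name.lower() not in LOCAL_NAMES:
                findings.append((line_no, str(addr), name.lower()))
    return findings


def read_or_sample(path, sample):
    """Read the real file when present, otherwise use the constructed sample."""
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return sample


if __name__ == "__main__":
    ids = classify_personal_ids(read_or_sample(PERSONAL_ID_PATH, SAMPLE_IDS))
    for pid, kind in ids.items():
        print(f"{pid}: {kind} key")
    for line_no, addr, name in sinkholed_hosts(
            read_or_sample(HOSTS_PATH, SAMPLE_HOSTS)):
        print(f"hosts line {line_no}: {name} -> {addr}")
```

Review any flagged hosts lines before deleting them, and keep a copy of the original file.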

✓ My files contain important data (family memories). Every tool I used says it's impossible to decrypt. What should I do?

Please follow the guidance provided by the official MATU decryption tools and believe what they say. If they say it is impossible to decrypt, it really is so. There is no magic tool or human capable of decrypting your files hiding somewhere. Encryption is a technique created to be nearly impossible to reverse without a special private key (held by the criminals).

✓ I'm afraid the virus is still in my computer system. What should I do?

We advise scanning with anti-virus, anti-malware, malware removal tools or software like RESTORO to eliminate virus damage on the system. If you do not trust using a single tool, try running one after another. However, we do not recommend keeping several security programs on a computer at once as they can interfere with each other's work.

✓ I saw several Youtube videos suggesting secret decryption tools. Can I trust them?

Beware of fake MATU decryption tools circulating around the web. Cybercriminals are uploading them to various shady websites, and might also be promoting them via suspicious Youtube videos. These programs can infect your computer even more heavily (Trojans, miners, etc.). We suggest being extremely cautious around the web. If an official STOP/DJVU decryption tool becomes available, it will be widely discussed in public media.