Matrix is a family of ransomware that was first publicly identified in December 2016. Over the years since its inception, it has primarily targeted small and medium-sized organizations. As of 2019, it had been observed in geographic locations such as the United States, Belgium, Taiwan, Singapore, Germany, Brazil, Chile, South Africa, Canada and the United Kingdom. While initially relying on tactics such as spam campaigns, propagation via Windows shortcuts and the RIG exploit kit for distribution, the primary attack vector for the Matrix ransomware family evolved in 2018 to brute forcing of weak remote desktop protocol (RDP) credentials. The shift to this attack methodology appears to be a recurring trend in similar targeted ransomware families, such as Dharma, Ryuk and BitPaymer.