ALERT: Mamba Ransomware Encrypts Hard Drives

Malware has evolved a great deal and may have reached its peak. However, encrypting files individually has turned out not to be the only way of extorting money. There is now a new ransomware that encrypts the hard drive of the computer it infects.

The new hard drive-encrypting ransomware has been dubbed “Mamba”. It has been found in Brazil, the United States and India by researchers at Morphus Labs in Brazil. The company was reportedly responding to an infection at a customer in the energy sector in Brazil with subsidiaries in the US and India.

Morphus Labs researcher Renato Marinho said that the ransomware is likely being spread via phishing emails.

Basically, the method is to infect the machine, replace the Master Boot Record (MBR) with a custom MBR, and encrypt the hard drive.

What is unique to Mamba is that it encrypts the partition of the hard drive itself using disk-level cryptography. Most ransomware encrypts individual files, but this is a totally new approach.

The malware is a Windows threat, and it prevents the infected computer’s operating system from booting up without a password, which is the decryption key.
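Because the infection replaces the MBR, a changed boot sector is something a defender can check for against a known-good copy. The following is an added example, not code from Morphus Labs or from the original article: it parses two raw 512-byte MBR sectors and reports what differs. The function names and both sample sectors are constructed for illustration, and reading the live sector (the first 512 bytes of the physical disk, which needs administrator rights) is left to the caller.

```python
import hashlib
import struct

BOOT_CODE_END = 440            # bootstrap code occupies bytes 0..439
PART_TABLE_OFFSET = 446        # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511 of a valid MBR
# status, 3 CHS bytes (skipped), type, 3 CHS bytes (skipped), LBA start, sector count
ENTRY = struct.Struct("<B3xB3xII")


def parse_mbr(sector: bytes) -> dict:
    """Split a raw MBR sector into the fields worth baselining."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        status, ptype, lba, count = ENTRY.unpack_from(sector, PART_TABLE_OFFSET + 16 * i)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append((i, status == 0x80, ptype, lba, count))
    return {
        "valid_signature": sector[510:512] == BOOT_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "partitions": partitions,
    }


def compare_to_baseline(baseline: bytes, current: bytes) -> list:
    """Return findings describing how `current` differs from the known-good sector."""
    old, new = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not new["valid_signature"]:
        findings.append("boot signature 0x55AA missing")
    if old["boot_code_sha256"] != new["boot_code_sha256"]:
        findings.append("bootstrap code changed")
    if old["partitions"] != new["partitions"]:
        findings.append("partition table changed")
    return findings


def build_sample_sector(boot_code: bytes) -> bytes:
    """Constructed sample: one bootable NTFS (type 0x07) partition at LBA 2048."""
    entry = ENTRY.pack(0x80, 0x07, 2048, 204800)
    body = boot_code.ljust(PART_TABLE_OFFSET, b"\x00") + entry
    return body.ljust(510, b"\x00") + BOOT_SIGNATURE


GOOD = build_sample_sector(b"\xfa\x33\xc0" + b"\x90" * 32)   # constructed stand-in for stock boot code
TAMPERED = build_sample_sector(b"\xeb\x3c" + b"\xcc" * 64)   # constructed stand-in for a replaced MBR

if __name__ == "__main__":
    print(compare_to_baseline(GOOD, GOOD), compare_to_baseline(GOOD, TAMPERED))
```

A baseline has to be captured before any infection and stored off the host, since a sector read from an already compromised machine cannot be trusted as known-good.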

Victims are presented with a ransom note demanding one Bitcoin per infected host in exchange for the decryption key. The note also includes an ID number for the compromised computer and an email address from which to request the key.

This is not the first of its kind. A few months ago, there was a ransomware named Petya.

Petya was a game-changer among ransomware families. It spread initially among German companies targeting human resources offices. Emails were sent that contained a link to a Dropbox file that installed the ransomware. The malware showed the victim a phony CHKDSK process while it encrypted the Master File Table in the background.

It did not take long for researchers to decode Petya’s inner workings, and a decryptor is now available. Petya’s authors quickly modified it and delivered an alternate payload bundle called Mischa.

So far, Mamba has no decryptor, so be vigilant and think before you click.

