Mamba ransomware is currently targeting Windows users in Brazil, India and the United States – Attackers are spreading their campaign through phishing emails.
Ransomware is indeed a growing threat for anything that is connected to the Internet, but what Brazil-based security firm Morphus Labs has discovered has surpassed all previous discoveries in this domain. Yes, the IT security researchers at Morphus Labs have discovered ransomware that is not only locking up victims’ files but also encrypting their hard drives.
Renato Marinho, a researcher at Morphus Labs, states that phishing emails are the main cause behind such a massive distribution of Mamba. When a user is hooked through a phishing email, Mamba takes over, infects the entire system and then overwrites the Master Boot Record (MBR) of the computer.
But what makes Mamba the nastiest of all ransomware is that, unlike regular ransomware, which encrypts files and folders on your PC, Mamba encrypts the entire hard drive.
“Mamba encrypts the whole partitions of the disk. It uses disk-level cryptography and not a traditional strategy of other ransomware that encrypts individual files,” states Marinho.
So once Mamba has encrypted the whole disk’s partitions, you cannot boot into Windows again; instead, you are met with a password prompt. Needless to say, you will have to pay a ransom in Bitcoin in order to get the password, decrypt the hard drive and use your computer again. The ransom demanded is roughly $600 or 1 Bitcoin. The ransom note is presented to the victim immediately upon rebooting the computer, and it also contains the email address where the victim is supposed to ask for the key.
“You are Hacked ! H.D.D Encrypted, Contact Us For Decryption Key ([email protected]) YOURID: 123152”
This is probably the reason why Morphus Labs has named the ransomware after the poisonous snake. Previously, Petya ransomware was considered the nastiest, as it also caused disk-level damage by encrypting the machine’s Master File Table. Mamba, on the other hand, uses an open source disk encryption tool called DiskCryptor to encrypt the drive.
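For responders working from a disk image, the following added example (not code from Morphus Labs or from the original article) triages a 512-byte dump of sector 0 for the ransom note phrases quoted above. It assumes the note text is stored as plain ASCII in the overwritten boot-code area, which the article does not state; the function names and sample sectors are constructed for illustration.

```python
import re

SECTOR_SIZE = 512
BOOT_CODE_END = 446           # bytes 0..445 hold boot code; partition table follows
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a well-formed MBR

# Phrases taken from the ransom note quoted in the article.
NOTE_MARKERS = ("you are hacked", "h.d.d encrypted", "contact us for decryption key")

def ascii_strings(data, min_len=6):
    """Return printable ASCII runs of at least min_len bytes."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]

def triage_mbr(sector):
    """Inspect one 512-byte sector 0 image and report ransom-note indicators."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    strings = ascii_strings(sector[:BOOT_CODE_END])
    text = " ".join(strings).lower()
    hits = [m for m in NOTE_MARKERS if m in text]
    return {
        "valid_signature": sector[510:] == BOOT_SIGNATURE,
        "marker_hits": hits,
        "suspicious": bool(hits),
        "strings": strings,
    }

def build_sample(boot_text):
    """Constructed test sector: text in the boot-code area, empty partition table."""
    code = boot_text.ljust(BOOT_CODE_END, b"\x00")
    return code + b"\x00" * 64 + BOOT_SIGNATURE

if __name__ == "__main__":
    # Both sectors are constructed samples, not captured from a real infection.
    clean = build_sample(b"Missing operating system")
    hit = build_sample(b"\xeb\x3c\x90You are Hacked ! H.D.D Encrypted, "
                       b"Contact Us For Decryption Key")
    for name, img in (("clean", clean), ("overwritten", hit)):
        result = triage_mbr(img)
        print(name, result["valid_signature"], result["marker_hits"])
```

A valid `55 AA` signature alone says nothing about whether the boot code was replaced, which is why the check reports the signature and the string hits separately.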
We highly recommend visiting Morphus Labs’ post on LinkedIn that covers other technical features of Mamba ransomware.