The Nastiest of All Ransomware: Mamba Encrypts Entire Hard Drive

Mamba ransomware is currently targeting Windows users in Brazil, India and the United States; attackers are spreading their campaign through phishing emails.

Ransomware is a growing threat to anything connected to the Internet, but what Brazil-based security firm Morphus Labs has discovered surpasses all previous discoveries in this domain. The IT security researchers at Morphus Labs have discovered ransomware that not only locks up victims’ files but also encrypts their hard drives.

Mamba ransomware is attacking computers around the globe; it is Windows-based ransomware that was discovered infecting computers in Brazil, India and the United States.

Renato Marinho, a researcher at Morphus Labs, states that phishing emails are the main cause of Mamba's massive distribution. When a user is hooked by a phishing email, Mamba takes over, infects the entire system, and then overwrites the computer's Master Boot Record (MBR).

Screenshot of ransom message after Mamba starts booting process

What makes Mamba the nastiest of all ransomware is that, unlike regular ransomware, which encrypts files and folders on your PC, Mamba encrypts the entire hard drive.

“Mamba encrypts the whole partitions of the disk. It uses disk-level cryptography and not a traditional strategy of other ransomware that encrypts individual files,” states Marinho.

Once Mamba has encrypted all of the disk’s partitions, Windows can no longer boot; any attempt to start the computer ends at a password prompt. You will have to pay a ransom in Bitcoin to get the password, decrypt the hard drive and use your computer again. The ransom demanded is roughly $600, or 1 Bitcoin. The ransom note is presented to the victim immediately upon rebooting the computer, and it also contains the email address where the victim is supposed to ask for the key.

“You are Hacked ! H.D.D Encrypted, Contact Us For Decryption Key ([email protected]) YOURID: 123152”


This is probably the reason why Morphus Labs has named the ransomware after the poisonous snake. Previously, Petya ransomware was considered the nastiest, as it also caused disk-level damage by encrypting the machine’s Master File Table. Mamba, on the other hand, uses an open source disk encryption tool called DiskCryptor to compromise the drive.

We highly recommend visiting Morphus Labs’ post on LinkedIn that covers other technical features of Mamba ransomware.
