Destructive, disk-encrypting Mamba ransomware springs back to life

Mamba ransomware has suddenly returned and it's encrypting whole hard drives of targeted organisations again

 

 

Mamba – a breed of snake and a family of ransomware. Image: iStock

A powerful form of ransomware which encrypts whole hard drives instead of just files has suddenly returned – and there’s no way for victims to decrypt the data.

Similar tactics have been used in other ransomware attacks, most notably the Petya outbreak, which experts said was designed to outright destroy data rather than claim a ransom.

The return of Mamba ransomware has been flagged by Kaspersky Lab and it comes after researchers suggested that ransomware designed for destruction, rather than extorting a Bitcoin ransom for profit, is set to become the new normal.

While Mamba isn’t a particularly common form of ransomware, it previously claimed a high-profile victim in the form of the San Francisco Municipal Transportation Agency in November last year. The attack forced the operators to temporarily open the gates and allow passengers to travel on the trains for free in order to minimize disruption.

The effectiveness of the ransomware stems partially from using a legitimate open source software tool, DiskCryptor, in order to fully lock down the hard drive of those targeted. Mamba first appeared in September 2016 and mainly targets corporations and large organizations.

Corporations remain the target for Mamba attackers, although this time, researchers note that the attacks are mainly being carried out against targets in Brazil and Saudi Arabia.

There’s currently no decryption tool available to decrypt data locked by Mamba because, as researchers note, it uses such strong encryption algorithms.

It’s also unknown who is behind the Mamba attacks, but the tactics used suggest the work of either a highly organized cybercriminal operation or the work of nation-state backed hackers.
