You have probably heard of the HDDCryptor ransomware, which has been around since at least 2016. It has since been renamed and now goes by Mamba. The FBI has issued an alert warning of the latest activities of this ransomware.

What’s going on?

The FBI has issued an alert warning of the deployment of Mamba ransomware against local governments, tech services, legal services, public transportation agencies, and industrial, construction, manufacturing, and commercial businesses. The ransomware weaponizes DiskCryptor and restricts access by encrypting the drive in its entirety.

Why does it matter?

Ransomware attacks have been going up since the pandemic hit. Although Mamba attacks are common, they are not as ubiquitous as those of other families, such as REvil and LockBit. Moreover, Mamba attacks cannot be tracked via ID-Ransomware, since victims are unable to boot the OS and upload encrypted artifacts.

Other FBI alerts

Mamba is not the only threat the FBI has warned of. Lately, the agency has warned against quite a few threats.
  • Recently, the FBI issued a warning against the Pysa ransomware targeting educational institutions.
  • The FBI and CISA issued a joint alert, warning of TrickBot attacks via traffic infringement phishing schemes. 
  • The agency published a warning against scammers spoofing the Bureau’s phone numbers in government impersonation fraud schemes. 

The bottom line

The FBI advises against paying the ransom, as payment doesn’t ensure complete recovery of files. Moreover, paying encourages threat actors to keep up their game and wreak as much damage as possible. Nevertheless, organizations sometimes end up having to pay the ransom, especially given the devious extortion tactics employed by ransomware operators. Therefore, organizations are advised to follow the recommendations set out by the agency and report ransomware incidents to the IC3.

Cyware Publisher