
Everything You Should Know About Mamba Ransomware
September 22, 2016 | Malware and Vulnerabilities
The year 2016 is definitely going to be the year of ransomware. This year we have already witnessed some of the biggest names in ransomware, such as Cerber and its variants, FairWare, Petya, Wildfire, and Zepto. Now a new player, Mamba ransomware, has joined the league. The name Mamba comes from the deadly snake species found in Central and Southern Africa.
Mamba has been found in India, Brazil and the United States. It was discovered by the Brazilian company Morphus Labs while it was investigating an infection at an energy firm that has subsidiaries in India and the United States.
Source: Morphus Labs
According to the security experts at Morphus Labs, the ransomware is spread through phishing emails. Once the user is tricked into downloading the infected file that arrives as an email attachment, the malware installs and executes. It then overwrites the existing Master Boot Record (MBR) with a custom MBR and encrypts the hard drive. Mamba uses disk-level cryptography to encrypt whole partitions of the disk. In this sense it is more advanced than other ransomware that still uses the traditional strategy of encrypting individual files. The malware targets the Windows operating system. Once a system is infected, Mamba prevents it from booting without a password. The password is in fact the decryption key, which the hackers provide only after a ransom is paid in Bitcoin. The hackers behind Mamba are demanding a ransom of one Bitcoin per infected host for the decryption key.
The disk-level cryptography used in Mamba is somewhat similar to that used in Petya, as both target disks. While Petya encrypts the Master File Table, Mamba locks up hard drives using an open source disk encryption tool called DiskCryptor. With this tool, Mamba encrypts the entire hard drive rather than individual files.
