Last year in September, a ransomware called Mamba was discovered by a Morphus Labs security researcher. While typical crypto-malware encrypts a pre-determined set of files, Mamba goes for the bigger slice of the pie and locks up the whole hard drive. It will also manipulate the system’s boot process, ultimately making it impossible to use the computer.
It seems that the cybercriminals behind the malware have recently returned back to target more corporations. According to a blog post by Anton Ivanov and Orkhan Mamedov, malware analysts at Kaspersky Lab, the latest attacks are being carried out against targets in Brazil and Saudi Arabia (It could spread to other countries). Mamba still utilizes the legitimate open source program called DiskCryptor, which is responsible for locking up the entire hard drive.
via Kaspersky Lab
Once this is installed, the system is forced to restart. The malware will now start to modify the Master Boot Record (MBR), and then disk partitions would be encrypted with a password. As soon as the process is complete, another restart will be carried out. Rather than booting to the correct operating system, victims will see a ransom note instead, which reads:
Unfortunately, there are no known methods to decrypt files or drives locked up by the Mamba ransomware. Defenx attributes this to the strong encryption algorithms used by the program.
With such nasty malware out in the wild, it pays to be careful of our activities on the internet. Staying away from malicious websites can help, in order to significantly reduce the risk of having our important files locked up for money.
Last, but not least, make sure you practice the following good online security habits, which in many cases are the most important steps of all:
- Backup, Backup, Backup!
- Do not open attachments if you do not know who sent them.
- Do not open attachments until you confirm that the person actually sent you them,
- Make sure all Windows updates are installed as soon as they come out! Also make sure you update all programs, especially Java, Flash, and Adobe Reader. Older programs contain security vulnerabilities that are commonly exploited by malware distributors. Therefore it is important to keep them updated.
- Make sure you use some sort of security software installed and keep it updated.
Use hard passwords and never reuse the same password at multiple sites.