Mamba Ransomware Encrypts Your Hard Drive, Manipulates the Boot Process

December 8, 2016


Typical ransomware encrypts a user's files after they run an executable program, or perhaps a JavaScript file chosen to lower suspicion. A new strain of ransomware, however, goes for a bigger piece of the cake: it encrypts the whole hard drive rather than the individual files on it.

Named Mamba or HDDCrypt, the malware was first discovered by Morphus Labs in Brazil. It has since been found on machines in the United States and in India. Renato Marinho, a researcher at Morphus Labs, said that the malware is believed to spread via phishing emails and malicious downloads.

When it infects a machine, it begins by overwriting the host computer's Master Boot Record (MBR) with its own version. Only then is it able to encrypt the hard drive.

This means that when the computer is restarted, the system loads only partially and shows a screen controlled by the Mamba ransomware. It refuses to boot the PC until the decryption key is supplied, which costs the user one Bitcoin. It then uses two programs, “mount.exe” and “dccon.exe”, which are responsible for encrypting the files on the computer and on all mapped network drives.
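Because the boot-sector overwrite happens before any disk encryption, a defender's earliest signal is a change to the MBR's bootstrap code. The following is an added example (not code from the article or from Morphus Labs) of a baseline-and-compare check: it parses a 512-byte MBR into its bootstrap region, partition table and boot signature, fingerprints only the bootstrap region (the partition table can change legitimately), and reports deviations from a stored baseline. The sample sectors, the bootstrap bytes and the `read_physical_mbr` helper's device paths are constructed for illustration; the bytes are not a real boot loader and not Mamba's code.

```python
import hashlib
import struct
from dataclasses import dataclass
from typing import List

# Layout of a classic (non-GPT) Master Boot Record.
MBR_SIZE = 512
PARTITION_TABLE_OFFSET = 446   # 446 bytes of bootstrap code come first
PARTITION_ENTRY_SIZE = 16      # 4 entries x 16 bytes = 64 bytes
BOOT_SIGNATURE = b"\x55\xaa"   # last two bytes of a valid MBR


@dataclass
class PartitionEntry:
    bootable: bool
    type_code: int     # e.g. 0x07 for NTFS
    lba_start: int
    sector_count: int


@dataclass
class MBR:
    bootstrap: bytes
    partitions: List[PartitionEntry]
    signature: bytes


def parse_mbr(raw: bytes) -> MBR:
    """Split a 512-byte sector into bootstrap code, partition table and signature."""
    if len(raw) != MBR_SIZE:
        raise ValueError(f"MBR must be exactly {MBR_SIZE} bytes, got {len(raw)}")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack_from(
            "<B3sB3sII", raw, off)
        if ptype == 0:          # empty slot
            continue
        partitions.append(PartitionEntry(status == 0x80, ptype, lba, count))
    return MBR(raw[:PARTITION_TABLE_OFFSET], partitions, raw[MBR_SIZE - 2:])


def build_mbr(bootstrap: bytes, partitions: List[PartitionEntry]) -> bytes:
    """Assemble a sector from its parts (used here only to construct sample data)."""
    code = bootstrap.ljust(PARTITION_TABLE_OFFSET, b"\x00")[:PARTITION_TABLE_OFFSET]
    table = b"".join(
        struct.pack("<B3sB3sII", 0x80 if p.bootable else 0x00, b"\x00" * 3,
                    p.type_code, b"\x00" * 3, p.lba_start, p.sector_count)
        for p in partitions)
    table = table.ljust(4 * PARTITION_ENTRY_SIZE, b"\x00")
    return code + table + BOOT_SIGNATURE


def bootstrap_fingerprint(mbr: MBR) -> str:
    """SHA-256 of the bootstrap region only; the partition table may change legitimately."""
    return hashlib.sha256(mbr.bootstrap).hexdigest()


def check_mbr(raw: bytes, baseline_fingerprint: str) -> List[str]:
    """Return a list of findings; an empty list means the sector matches the baseline."""
    findings = []
    mbr = parse_mbr(raw)
    if mbr.signature != BOOT_SIGNATURE:
        findings.append("invalid boot signature")
    if bootstrap_fingerprint(mbr) != baseline_fingerprint:
        findings.append("bootstrap code differs from baseline")
    if sum(1 for p in mbr.partitions if p.bootable) > 1:
        findings.append("more than one partition flagged bootable")
    return findings


def read_physical_mbr(device_path: str) -> bytes:
    """Read the first sector of a raw device (needs admin/root; not called in this example)."""
    # Typical paths: \\.\PhysicalDrive0 on Windows, /dev/sda on Linux.
    with open(device_path, "rb") as dev:
        return dev.read(MBR_SIZE)


# --- Constructed sample data (not a real boot loader and not Mamba's code) ---
SAMPLE_PARTITIONS = [PartitionEntry(True, 0x07, 2048, 204800)]
KNOWN_GOOD_MBR = build_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb", SAMPLE_PARTITIONS)
BASELINE = bootstrap_fingerprint(parse_mbr(KNOWN_GOOD_MBR))
# Same partition table, different bootstrap code: the shape of a boot-sector overwrite.
TAMPERED_MBR = build_mbr(b"\xeb\xfe" + b"placeholder lock screen", SAMPLE_PARTITIONS)

if __name__ == "__main__":
    print("known-good:", check_mbr(KNOWN_GOOD_MBR, BASELINE))
    print("tampered:  ", check_mbr(TAMPERED_MBR, BASELINE))
```

In practice the baseline fingerprint is recorded at deployment and stored off the host, and the check runs from an endpoint agent or a scheduled job; a bootstrap mismatch is worth alerting on immediately, since in the behaviour described above it precedes the disk encryption rather than following it.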

Via Morphus Labs

The ransomware note reads:

“You are Hacked! H.D.D. Encrypted , For Decryption Key Contact Us ([email protected]) YOURID: 789456”

“Mamba encrypts the entire partitions of the disk,” Marinho said. “It uses disk-level cryptography and not the traditional strategy of other ransomware, which encrypts individual files.”

While the Mamba ransomware appears to act a lot like the Petya ransomware, which also manipulates the boot process, Mamba relies on free and legitimate tools: NetPass, a free network password recovery tool, and DiskCryptor, an open source disk encryption utility.

Conclusion:

As always, be careful about the websites you visit and the files you download, as malware such as Mamba is always waiting for its next victim.