Mamba Ransomware Springs Back to Life
August 12, 2017
Shah Sheikh (1294 articles)

Mamba Ransomware Springs Back to Life

A powerful form of ransomware, which encrypts whole hard drives instead of just files, has suddenly returned — and there’s no way for victims to decrypt the data.

Similar tactics have been used in other ransomware attacks, most notably Petya, which experts said was designed to outright destroy data rather than generate ransom money.

The return of Mamba ransomware has been flagged by Kaspersky Lab. Its return comes after researchers recently suggested that ransomware designed for destruction, rather than extorting a Bitcoin ransom for profit, is set to become the new normal.


While Mamba isn’t a particularly common form of ransomware, it claimed a high-profile victim in the form of the San Francisco Municipal Transportation Agency in November last year. The attack forced the operators to temporarily open the gates of ticket barriers and allow passengers to travel on the trains for free in order to minimise disruption.

The effectiveness of the ransomware stems partially from its use of a legitimate open source software tool, DiskCryptor, to fully lock down the hard drive of targeted organisations.

Corporations remain the target for those behind Mamba, although this time, researchers note that the ransomware is mainly being directed against targets in Brazil and Saudi Arabia.

There’s currently no tool available to decrypt data locked by Mamba because, as researchers note, it uses such strong encryption algorithms.

Source | ZD Net