Mamba Ransomware Alert

March 30, 2021

FBI alerts on Mamba ransomware

On March 23rd, 2021, the Federal Bureau of Investigation (FBI) sent out an alert for Mamba ransomware. According to the FBI, Mamba ransomware is targeting “legal services, technology services, industrial, commercial, manufacturing, and construction businesses,” along with local government agencies.

If your small business falls into any of the noted industries above, it is important to take extra notice of this alert. If your small business does not fall into one of these industries, it is still important to be aware of this threat.

Why this matters to your small business

Mamba ransomware seeks to encrypt the entire hard drive of your device using an open source encryption tool called DiskCryptor. Once the drive is encrypted, you can no longer access the data on it, potentially halting all business.

Once the device is encrypted, a note from the cyberattacker appears, telling you that they encrypted your device and are asking for a ransom. You will see their email address, the ransomware file name, your device name, and a place to enter the decryption key. The cyberattacker will then ask you to pay a ransom in order to decrypt your devices.

The FBI provides technical details that might help you recover the decryption key

“The ransomware extracts a set of files and installs an encryption service. The ransomware program restarts the system about two minutes after installation of DiskCryptor to complete driver installation.

The encryption key and the shutdown time variable are saved to the configuration file (myConf.txt) and is readable until the second restart about two hours later which concludes the encryption and displays the ransom note.

If any of the DiskCryptor files are detected, attempts should be made to determine if the myConf.txt is still accessible. If so, then the password can be recovered without paying the ransom. This opportunity is limited to the point in which the system reboots for the second time.”
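The check the FBI describes can be scripted. The following is an added example, not code from the FBI alert or from this article: it searches a folder tree for myConf.txt, copies each hit to an evidence folder with a SHA-256 hash, and estimates how much of the roughly two-hour window is left. It assumes the window is counted from the file's last write time; the function names and record fields are made up for this illustration.

```python
import hashlib, os, shutil, sys, tempfile, time
from pathlib import Path

CONFIG_NAME = "myconf.txt"    # myConf.txt from the FBI alert, compared case-insensitively
WINDOW_SECONDS = 2 * 60 * 60  # "about two hours" in the alert; treat as approximate

def find_config_files(root):
    """Return every file under root whose name is myConf.txt (any letter case)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):  # unreadable directories are skipped
        hits += [Path(dirpath) / n for n in files if n.lower() == CONFIG_NAME]
    return sorted(hits)

def preserve(path, evidence_dir, now=None):
    """Copy one hit into evidence_dir and describe it without printing its contents."""
    now = time.time() if now is None else now
    evidence_dir = Path(evidence_dir)
    evidence_dir.mkdir(parents=True, exist_ok=True)
    digest = hashlib.sha256(path.read_bytes()).hexdigest()
    modified = path.stat().st_mtime
    copy = evidence_dir / f"{digest[:12]}_{path.name}"
    shutil.copy2(path, copy)  # copy2 keeps the original timestamps on the copy
    # Assumption: the window is counted from the file's last write time.
    left = max(0, int(modified + WINDOW_SECONDS - now))
    return {"source": str(path), "copy": str(copy), "sha256": digest,
            "modified": modified, "seconds_left": left}

def triage(root, evidence_dir, now=None):
    """Find and preserve every myConf.txt under root; returns one record per file."""
    return [preserve(p, evidence_dir, now) for p in find_config_files(root)]

if __name__ == "__main__":
    if len(sys.argv) == 3:
        records = triage(sys.argv[1], sys.argv[2])
    else:  # no arguments: run on a constructed tree so the script works offline
        tmp = Path(tempfile.mkdtemp())
        (tmp / "disk" / "sub").mkdir(parents=True)
        (tmp / "disk" / "sub" / "myConf.txt").write_text("constructed placeholder")
        records = triage(tmp / "disk", tmp / "evidence")
    for r in records:
        print(f"{r['source']} -> {r['copy']}  sha256={r['sha256']}  "
              f"~{r['seconds_left'] // 60} min left (estimate)")
    if not records:
        print("No myConf.txt found under the given root.")
```

Run it with the folder to search and an evidence folder as the two arguments. Point the evidence folder at removable or network storage, since the local drive is what is being encrypted.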

What is Ransomware and How to Protect Against It

Check out our previous Security Byte to learn more about ransomware and how to protect against it. This alert from the FBI also provides great steps you can take to protect your small business from ransomware.

How Ransomware Installs on Your Devices and Network

Ransomware is typically installed through social engineering attacks. These attacks typically include phishing emails with malicious attachments or links. Sometimes these links will take you to fake websites impersonating legitimate websites.

For more information on ransomware, check out our white paper and tipsheet. For more information on cybersecurity, check out Small Business, Big Threat.