Poisonous Mamba Ransomware Overwrites Your Master Boot Record, Encrypts Your Entire Hard Drive
So far, Mamba has been found on computers located in Brazil, India and even the United States. According to Morphus Labs researcher Renato Marinho, Mamba has been spreading as a result of people being tricked into interacting with phishing emails. Once a user has been “hooked”, Mamba gets down to business by infecting the host machine, and then proceeds to overwrite the PC’s Master Boot Record (MBR).
But whereas most ransomware will encrypt individual files or even entire folders on your PC, Mamba’s dirty little secret is that it will encrypt your entire hard drive. “Mamba encrypts the whole partitions of the disk,” said Marinho. “It uses a disk-level cryptography and not a traditional strategy of other ransomware that encrypts individual files.”
Since Mamba encrypts entire partitions on infected hard drives, don’t even think about booting into your Windows environment after infection. Instead, you will be faced with a password prompt upon boot:
You are Hacked ! H.D.D Encrypted, Contact Us For Decryption Key (firstname.lastname@example.org) YOURID: 123152
And as you might have guessed, you will have to pay in order to obtain the password to decrypt your hard drive and access Windows (and the rest of your files). In this case, the ransom payment amounts to 1 bitcoin, or roughly $600.
Needless to say, Mamba is a pretty nasty package, which is why Morphus Labs named it after the poisonous snake. We want to remind our readers to stay vigilant: ignore suspicious emails (especially from people you don’t recognize), and steer clear of the seedier areas of the internet. It’s likely more trouble than it’s worth.
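Because Mamba overwrites the Master Boot Record, one defensive check is to compare a dump of sector 0 against a known-good baseline taken while the machine was healthy. The sketch below is an added example, not code from Morphus Labs or this article; it assumes the classic 512-byte MBR layout, and the sample sectors and function names are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 446            # bytes 0..445: boot loader code
PART_TABLE_END = 510           # bytes 446..509: four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511

def parse_mbr(sector: bytes) -> dict:
    """Split an MBR into a boot-code hash, partition entries and a signature flag."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = sector[BOOT_CODE_END + 16 * i : BOOT_CODE_END + 16 * (i + 1)]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # partition type 0 marks an unused slot
            partitions.append({"bootable": entry[0] == 0x80, "type": entry[4],
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "partitions": partitions,
        "valid_signature": sector[PART_TABLE_END:] == BOOT_SIGNATURE,
    }

def compare_to_baseline(baseline: dict, current: dict) -> list:
    """Return human-readable findings; an empty list means the MBR matches."""
    findings = []
    if not current["valid_signature"]:
        findings.append("boot signature 0x55AA missing")
    if current["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("boot code changed since baseline")
    if current["partitions"] != baseline["partitions"]:
        findings.append("partition table changed since baseline")
    return findings

def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sector: the given boot code plus one bootable NTFS (0x07) entry."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 1_000_000)
    table = entry + b"\x00" * 48
    return boot_code.ljust(BOOT_CODE_END, b"\x00") + table + BOOT_SIGNATURE

if __name__ == "__main__":
    clean = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0")       # constructed "original" loader
    tampered = build_sample_mbr(b"\xeb\x5e\x90REPLACED")    # constructed "overwritten" loader
    baseline = parse_mbr(clean)
    print(compare_to_baseline(baseline, parse_mbr(clean)))
    print(compare_to_baseline(baseline, parse_mbr(tampered)))
```

Reading sector 0 from a live disk requires administrator rights, and the baseline should be stored off the machine so that it survives an infection.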