Mamba is the nastiest of all ransomware because it encrypts the entire hard drive and not just the files. It hit India back in 2016, and is back in India with a bang! Kaspersky Lab, Trend Micro and other security researchers confirmed the rise of Mamba and Locky, which were causing havoc in Brazil and Saudi Arabia earlier in August 2017, and it is now confirmed that both of these ransomware families are hitting Indian organisations and users in August 2017. With Bitcoin shooting past the $4k mark, Indians will now have to shell out roughly INR 2,50,000 per BTC if they get infected.
Ankush Johar, Director at HumanFirewall.io, a leading provider of human information security awareness and preparedness solutions, comments, “Prevention is better than cure. Backup, Backup, Backup! Even if the Ransomware affects you, the backup will protect your digital assets. After taking backups regularly, take them offline, where possible.”
Mamba (or HDDCryptor) is a powerful kind of ransomware (malware that locks users' files and demands a ransom to release them) that encrypts the entire disk instead of just encrypting files. It scrambles every sector on the hard drive, including the Master File Table (the place where information about every file and directory on a hard drive is stored), the operating system, shared files and personal data. The malware installs and activates a copy of the open source software DiskCryptor. DiskCryptor is a Full Disk Encryption (FDE) tool. Once DiskCryptor encrypts a disk, it asks for a password every time the machine reboots.
This password is then used to encrypt everything a user writes to the HDD and decrypt anything the user wants to read. Mamba uses DiskCryptor to encrypt the HDD, and the user has no idea what the password is. Hence, he/she has no option other than to pay the ransom, or else lose their data. So, every time a user boots up his/her machine, they get a message informing them about the encryption and asking them to purchase the decryption key.
Locky, on the other hand, has been one of the most widely distributed ransomware families. It works by tricking victims into downloading an attachment. The attachment consists of scrambled, unreadable text with a title asking the user to enable macros (for Microsoft Word). When the victim does so, Locky gets executed and renames all the important files so that they have the extension .locky after encryption. Users can still use their PC/laptop for the internet and other general tasks, but all their important files are rendered inaccessible.
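The two behaviours the article describes, Mamba installing the DiskCryptor tool and Locky renaming files to the .locky extension, are both visible in endpoint activity, which is where a defender can catch them. The following is an added example, not code from the article or from any vendor named in it: a small detector that reads constructed endpoint event lines (a simplified pipe-separated format assumed for this example), raises an alert when a full disk encryption tool named DiskCryptor is installed, and raises a second alert when one host renames many files to .locky within a short window. The window length and rename threshold are assumptions a defender would tune; the product name and the extension come from the article.

```python
"""Detect the Mamba and Locky indicators described in the article.

Added example, not code from the original article. The log format below
(timestamp|host|event|detail) is a constructed, simplified endpoint event
format; the threshold values are assumptions to be tuned per environment.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events. WS-101 shows a DiskCryptor install (Mamba-style),
# WS-102 shows a burst of renames to .locky (Locky-style), WS-103 is benign.
SAMPLE_LOG = r"""
2017-08-14T09:00:01|WS-101|INSTALL|DiskCryptor 1.1 installed by user jdoe
2017-08-14T09:15:10|WS-102|RENAME|C:\Users\a\Documents\q1.xlsx -> C:\Users\a\Documents\a1b2c3.locky
2017-08-14T09:15:12|WS-102|RENAME|C:\Users\a\Documents\plan.docx -> C:\Users\a\Documents\d4e5f6.locky
2017-08-14T09:15:15|WS-102|RENAME|C:\Users\a\Pictures\holiday.jpg -> C:\Users\a\Pictures\0a1b2c.locky
2017-08-14T09:15:20|WS-102|RENAME|C:\Users\a\Desktop\notes.txt -> C:\Users\a\Desktop\3d4e5f.locky
2017-08-14T09:15:25|WS-102|RENAME|C:\Users\a\Desktop\budget.xlsx -> C:\Users\a\Desktop\6a7b8c.locky
2017-08-14T09:20:00|WS-103|RENAME|C:\Users\b\draft.docx -> C:\Users\b\final.docx
2017-08-14T09:21:00|WS-103|INSTALL|7-Zip 16.04 installed by user bsmith
"""

RENAME_THRESHOLD = 5              # .locky renames inside one window (assumption)
WINDOW = timedelta(seconds=60)    # sliding window length (assumption)
WATCHED_SOFTWARE = ("diskcryptor",)   # FDE tool named in the article
RANSOM_EXTENSION = ".locky"           # extension named in the article


def parse_line(line):
    """Split one constructed event line into (timestamp, host, event, detail)."""
    ts, host, event, detail = line.split("|", 3)
    return datetime.fromisoformat(ts), host, event, detail


def detect(log_text):
    """Return a list of (host, alert_kind, detail) tuples for the given log text."""
    alerts = []
    locky_renames = defaultdict(list)   # host -> timestamps of renames to .locky

    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, host, event, detail = parse_line(line)
        if event == "INSTALL" and any(n in detail.lower() for n in WATCHED_SOFTWARE):
            # Unexpected installation of a full disk encryption tool.
            alerts.append((host, "fde_tool_install", detail))
        elif event == "RENAME" and detail.lower().endswith(RANSOM_EXTENSION):
            locky_renames[host].append(ts)

    # Sliding window over each host's .locky rename timestamps: a single
    # rename is noise, a burst is the mass-encryption pattern the article describes.
    for host, times in locky_renames.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > WINDOW:
                start += 1
            count = end - start + 1
            if count >= RENAME_THRESHOLD:
                alerts.append((host, "locky_rename_burst",
                               f"{count} renames to {RANSOM_EXTENSION} within {WINDOW.seconds}s"))
                break
    return alerts


if __name__ == "__main__":
    for host, kind, detail in detect(SAMPLE_LOG):
        print(f"ALERT {host} {kind}: {detail}")
```

The install check matches on the tool's name in the install event, so it only covers the case the article describes (an installed copy of DiskCryptor); the rename burst check is the more general signal, since it fires on the mass-rename pattern regardless of which family produced it, and a defender would extend `RANSOM_EXTENSION` to a set of known extensions.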