Notorious disk-encrypting ransomware 'Mamba' returns in several countries including India

A variant of the notorious disk-encrypting **ransomware** — detected as ‘Mamba ransomware that hit organisations last year — has made a comeback globally, including in India, media reported. [caption id=“attachment_3831153” align=“alignleft” width=“380”]  Representational image. Reuters[/caption] Cyber security firms like Kaspersky Labs and Trend Micro have confirmed the rise of ‘Mamba’ this year. How many Indian firms were hit is yet to be confirmed. The ransomware, also known as ‘HDDCryptor’, is notorious for encrypting hard drives instead of just files. Its return comes after researchers suggested that the ransomware designed for destruction, rather than extorting a Bitcoin ransom for profit, is set to become the new normal. “Analysis on a sample of 62,000 emails linked to the ‘IKARUSdilapidated’ campaign by Comodo Threat Intelligence Lab revealed a sophisticated adversary utilising 11,625 different IP addresses spread across 133 different countries like Vietnam, India, Mexico, Turkey and Indonesia,” ThreatPost reported on Thursday. The behaviour of the ransomware is similar to families like ‘Crysis’ and ‘Erebus Linux’ ransomware that leveraged exploits to gain unauthorised administrator-level access to machines. “If an organisation wants to safeguard its digital assets, create a discipline around backups and take them offline for storage,” said Ankush Johar, Director at HumanFirewall.io, a security solutions provider. ‘Mamba’ had primarily affected some organisations in Brazil and specifically, San Francisco Municipal Transportation Agency last November. ‘Mamba’ ransomware mostly targets big organisations and governmental bodies. It is seen to be spreading as an “exe” file with a numeric name like 141.exe. This file generally is delivered via hacked websites a victim might visit or an already compromised network.