Mamba Ransomware makes a Comeback Targeting Saudi Arabia, Brazil

Of the very initial strains of ransomware which instead of files, encrypted computer systems' hard drives, Mamba was one spotted during public attacks. The malware chiefly targeted organizations within Brazil as well as launched one high-profile invasion into the systems of the San Francisco Municipal Transportation Agency in 2017 November.

Though not as big a name as 'Petya' or 'Cryptolocker,' the 'Mamba' ransom software can still cause severe hazards. In 2016 November, it contaminated the network of Muni system during the Thanksgiving period in a weekend which resulted in long train delays while compelled authorities towards closing fare gates and ticket machines at certain stations. During that time there wasn't any identification of Mamba; however, Kaspersky Lab researchers stated it was Mamba's doing as also discovered the malware as emerging within corporate networks inside Saudi Arabia and Brazil during July 2017 or so.

During last year November, Mamba contaminated as many as 900 office PCs that the SFMTA used when it demanded $73,000 for decrypting the resultant locked systems. To be precautious, the bulk transit company arranged for free rides even as the ransomware was mitigated. Notably, according to specialists' recommendations, end-users must maintain system backups as a way out from ransomware effects, while frequently warn that ransom payments are no guarantee that cyber-crooks would keep their word. Thehill.com posted this, August 9, 2017.

Incidentally, soon as Mamba's DiskCryptor gets installed, there occurs rebooting of the victim's computer after which the ransomware locks all of the targeted data-files. There occurs another rebooting after which the ransom note appears on the victim's screen. The victim requires approaching the attackers for knowing the ransom sum. A unique password is generated for every infected system to work the DiskCryptor functionality.

Recently in May-June, the WannaCry ransom software wreaked havoc in Europe while utilizing exploits for security flaws that the NSA discovered which afterwards the Shadow Brokers exposed. Then during late June, NotPetya did the same while added the danger of erasing everything from master boot records (MBRs) on tainted systems.

Brian Bartholomew and Juan Andres Guerrero Saade, security researchers from Kaspersky Lab forecast this trend to go on.

» SPAMfighter News - 8/16/2017