FBI: Mamba Ransomware Actors Weaponizing Freeware Encryption Tool

Health IT Security

Jessica Davis

The threat actors behind Mamba ransomware are weaponizing DiskCryptor, an open source full disk encryption software. The malware encrypts the entire drive, including the operating system, to restrict victims’ access, according to an FBI TLP White Report for the private sector.

Mamba, or HDDCryptor, was first detected in the wild in mid-2016. In 2019, Trend Micro noted that the ransomware was known to use DiskCryptor to encrypt both the disk and network files, as well as to overwrite the Master Boot Record (MBR).

The actors modified a component of DiskCryptor, a commercially available, freeware software, to scramble disks and mounted SMB drives. The variant also...

Get the Morning Update

Thanks for subscribing!