FBI: Mamba Ransomware Actors Weaponizing Freeware Encryption Tool

The threat actors behind Mamba ransomware are weaponizing DiskCryptor, an open-source full-disk encryption tool. The malware encrypts the entire drive, including the operating system, to restrict victims’ access, according to an FBI TLP White Report for the private sector.

Mamba, or HDDCryptor, was first detected in the wild in mid-2016. In 2019, Trend Micro noted that the ransomware was known to use DiskCryptor to encrypt both the disk and network files, as well as to overwrite the Master Boot Record (MBR).

The actors modified a component of DiskCryptor, a commercially available freeware tool, to scramble disks and mounted SMB drives. The variant also...

