Although security researchers had expected the Mamba ransomware strain to become more widespread and popular, that has not been the case so far. To some people, that may come as a relief, even though the real threat is far from over. So far, it is proving to be a challenge for researchers to decode this particular piece of malware. Those who do get infected, however, will not be able to recover their computer at all in most cases.
On paper, Mamba is just like any other type of ransomware that demands a Bitcoin payment from its users. The developers make use of encryption tools to lock users out of their computer, similarly to other types of malware. But where other types of malicious software restrict file access, Mamba goes after the computer hard drive itself.
Mamba Ransomware is A Significant Threat
This poses a significant risk to victims, even if they would be willing to pay the ransom in Bitcoin. Since the malware encrypts the entire hard disk, restoring a backup is out of the question. But paying the demand may not yield a workable solution either, as one never knows if the criminals will provide the required decryption key.
Encrypting the hard disk and altering the Master Boot Record is nothing new in the malware world. Up until now, only one or two types of ransomware had attempted this approach. Petya is perhaps the best-known of the two, and it wreaked havoc across all continents. Mamba takes things one step further, as it scrambles shared files, personal data, the operating system, and all apps.
What this means in layman’s terms is that removing the hard disk from the computer and inserting it into a different machine will not help. Mamba ransomware is not tied to the device itself, but it will remain active on the hard drive until decrypted. Buying a new hard drive is a cheaper solution, but it will also result in significant data losses for most people.
Security researchers are unsure as to how Mamba spreads itself. So far, there are no specific email spam campaigns to deliver the payload, even though that is the preferred distribution method for malware in general. While Mamba may not be “in the wild” just yet, computer users need to be aware of these looming threats.