FBI Issues Alert on Mamba Ransomware
March 26, 2021 – Article posted on GovInfoSec
The FBI and the U.S. Department of Homeland Security have issued a warning about Mamba ransomware that uses a weaponized version of the legitimate, open-source encryption software DiskCryptor to lock victims out of their systems.
The alert was likely issued due to a spike in Mamba ransomware attacks spotted by federal authorities, says Drew Schmitt, senior threat intelligence analyst at GuidePoint Security, who says that Mamba warrants a high-level warning because it’s so difficult to detect and is widely used by attackers.
“The reason ransomware groups such as Mamba are particularly dangerous is because during their ransomware operations, they use applications that can be used legitimately by systems administrators and IT professionals,” Schmitt says. “This makes it more difficult to detect these types of ransomware groups within an environment.”
Mamba, which has been in use since about 2016, does have a flaw. The FBI alert notes that with each attack, there’s a small window of opportunity to recover the password created by the attacker and then recover the system without paying the ransom.