At the end of 2016, there was a major attack against San Francisco’s Municipal Transportation Agency. The attack was carried out with Mamba ransomware, which uses a legitimate utility called DiskCryptor for full disk encryption. This month, we noted that the group behind this ransomware has resumed its attacks against corporations.
We are currently observing attacks against corporations that are located in:
As usual, this group gains access to an organization’s network and uses the psexec utility to execute the ransomware.
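Added example (not from the original article): by default PsExec installs a helper service named PSEXESVC on each target, which Windows logs as System event 7045, so the Python below flags a burst of such installs across several hosts. The event dictionaries, field names, host names, timestamps and thresholds are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample: Service Control Manager records (System log,
# Event ID 7045 "A service was installed in the system") already parsed
# into dicts. Hosts, times and the ExampleUpdater service are made up.
SAMPLE_EVENTS = [
    {"time": "2024-01-10T02:10:05", "host": "FS01", "event_id": 7045,
     "service_name": "PSEXESVC", "image_path": r"%SystemRoot%\PSEXESVC.exe"},
    {"time": "2024-01-10T02:11:40", "host": "WS14", "event_id": 7045,
     "service_name": "PSEXESVC", "image_path": r"%SystemRoot%\PSEXESVC.exe"},
    {"time": "2024-01-10T02:13:02", "host": "WS22", "event_id": 7045,
     "service_name": "PSEXESVC", "image_path": r"%SystemRoot%\PSEXESVC.exe"},
    {"time": "2024-01-10T02:12:00", "host": "WS14", "event_id": 7045,
     "service_name": "ExampleUpdater", "image_path": r"C:\Example\upd.exe"},
    {"time": "2024-01-10T14:30:00", "host": "ADM02", "event_id": 7045,
     "service_name": "PSEXESVC", "image_path": r"%SystemRoot%\PSEXESVC.exe"},
]

def is_psexec_install(ev):
    """True for a 7045 record that installs PsExec's default helper service."""
    # Limitation: PsExec's -r option renames the service; this matches defaults only.
    if ev.get("event_id") != 7045:
        return False
    name = ev.get("service_name", "").lower()
    path = ev.get("image_path", "").lower()
    return name == "psexesvc" or path.endswith("psexesvc.exe")

def psexec_fanout(events, window=timedelta(minutes=15), min_hosts=3):
    """Return (burst start, hosts) where PsExec hit >= min_hosts hosts in window."""
    hits = sorted((datetime.fromisoformat(e["time"]), e["host"])
                  for e in events if is_psexec_install(e))
    alerts, i = [], 0
    while i < len(hits):
        start = hits[i][0]
        j = i
        while j < len(hits) and hits[j][0] - start <= window:
            j += 1
        hosts = sorted({h for _, h in hits[i:j]})
        if len(hosts) >= min_hosts:
            alerts.append((start.isoformat(), hosts))
            i = j  # skip past the burst already reported
        else:
            i += 1
    return alerts

if __name__ == "__main__":
    print(psexec_fanout(SAMPLE_EVENTS))
```

A single PSEXESVC install, such as the ADM02 record, stays below the threshold; tune `window` and `min_hosts` to how administrators in the environment actually use PsExec.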