Top

The return of Mamba ransomware

August 10, 2017

Category:

At the end of 2016, there was a major attack against San Francisco’s Municipal Transportation Agency. The attack was done using Mamba ransomware. This ransomware uses a legitimate utility called DiskCryptor for full disk encryption. This month, we noted that the group behind this ransomware has resumed their attacks against corporations.

Attack Geography

We are currently observing attacks against corporations that are located in:

Brazil

Saudi Arabia

Attack Vector

As usual, this group gains access to an organization’s network and uses the psexec utility to execute the ransomware.

Read More on Securelist