At the end of 2016, there was a major attack against San Francisco’s Municipal Transportation Agency. The attack was carried out with Mamba ransomware, which uses a legitimate utility called DiskCryptor for full disk encryption. This month, we noted that the group behind this ransomware has resumed its attacks against corporations.
Attack Geography
We are currently observing attacks against corporations that are located in:
Brazil
Saudi Arabia
Attack Vector
As usual, this group gains access to an organization’s network and uses the PsExec utility to execute the ransomware.
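PsExec runs its remote command through a service it installs on the target, named PSEXESVC by default and recorded in the System log as Service Control Manager event 7045. The following added example (not part of the original post) lists those installs from exported event XML; the host names, timestamps and the wrapping `<Events>` root are constructed sample data.

```python
import xml.etree.ElementTree as ET

EVT_NS = "http://schemas.microsoft.com/win/2004/08/events/event"
NS = {"e": EVT_NS}
PSEXEC_SERVICE = "psexesvc"  # default name of the service PsExec installs

def _sample_event(host, when, event_id, **data):
    """Build one constructed System-log event in Windows Event XML form."""
    fields = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{EVT_NS}"><System><EventID>{event_id}</EventID>'
            f'<TimeCreated SystemTime="{when}"/><Computer>{host}</Computer>'
            f'</System><EventData>{fields}</EventData></Event>')

# Constructed sample data: hosts, times and the <Events> wrapper are made up.
SAMPLE_XML = "<Events>" + "".join([
    _sample_event("FS01.corp.example", "2020-01-01T02:14:07Z", 7045,
                  ServiceName="PSEXESVC", ImagePath=r"%SystemRoot%\PSEXESVC.exe"),
    _sample_event("FS01.corp.example", "2020-01-01T02:20:00Z", 7045,
                  ServiceName="Print Helper", ImagePath=r"C:\Vendor\helper.exe"),
    _sample_event("DB02.corp.example", "2020-01-01T02:15:31Z", 7045,
                  ServiceName="PSEXESVC", ImagePath=r"%SystemRoot%\PSEXESVC.exe"),
    _sample_event("DB02.corp.example", "2020-01-01T02:15:32Z", 7036,
                  param1="PSEXESVC", param2="running"),  # state change, not an install
]) + "</Events>"

def psexec_service_installs(xml_text):
    """Return sorted (time, host, image_path) for 7045 events installing PSEXESVC."""
    hits = []
    for ev in ET.fromstring(xml_text).iterfind("e:Event", NS):
        if ev.findtext("e:System/e:EventID", "", NS).strip() != "7045":
            continue  # only "A service was installed in the system"
        data = {d.get("Name"): d.text or "" for d in ev.iterfind("e:EventData/e:Data", NS)}
        image = data.get("ImagePath", "")
        if (data.get("ServiceName", "").lower() == PSEXEC_SERVICE
                or image.lower().strip('"').endswith("\\psexesvc.exe")):
            when = ev.find("e:System/e:TimeCreated", NS).get("SystemTime")
            hits.append((when, ev.findtext("e:System/e:Computer", "", NS), image))
    return sorted(hits)

def hosts_touched(hits):
    """Distinct hosts with a PsExec service install, in first-seen order."""
    return list(dict.fromkeys(host for _, host, _ in hits))

if __name__ == "__main__":
    installs = psexec_service_installs(SAMPLE_XML)
    for when, host, image in installs:
        print(when, host, image)
    print("hosts:", hosts_touched(installs))
```

Name matching covers the default service name only, and PsExec is also a routine administration tool, so hits are leads to correlate with the account and source host that started the service.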