Security researchers at Morphus Labs reported about a new ransomware called Mamba, which encrypts the victim’s whole hard drive. Recent reports show it spreading around Brazil, India, and the United States through phishing emails. Mamba ransomware attacks Windows computers and overwrites the MBR (Master Boot Record) and upon restart the victim will get a screen similar to the one above.
According to Morphus Labs:
Mamba encrypts the whole partitions of the disk. It uses disk-level cryptography and not a traditional strategy of other ransomware that encrypts individual files.
“You are Hacked ! H.D.D Encrypted, Contact Us For Decryption Key (firstname.lastname@example.org) YOURID: 123152”. This message is all that remains for the victims of this new Ransomware. To get the decryption key, it’s necessary to contact somebody through the informed e-mail address, give the ID and pay 1 BTC per infected host.
For more detailed information about the research, visit Morphus Labs post on LinkedIn.