Mamba ransomware is back and more dangerous

This year we have experienced the WannaCry ransomware attack, which turned the security of thousands of computers around the world upside down. Before this ransonware, at the end of last year, one called Mamba already appeared. Although, shortly after attacking the San Francisco municipal transportation network, he stopped acting.

Mamba ransomware is back and more dangerous

After almost a year with no news from Mamba, the ransomware is back. And it does it with more force and danger than it has done until now. Apparently, the ransomware has been detected again and it is known how it manages to get into Windows computers.

How Mamba works

The ransomware appears to be infecting users through DiskCryptor. A free application to encrypt hard drives in Windows. Thanks to this tool they manage to sneak into the users' computers. When entering the computer, what it does is create a directory on the hard drive. And in this way it will impersonate a web page server and once created, move the binary to the directory in question.

Once this is done, install DiskCryptor and the computer restarts. And there begins the second phase. Since from now on, you will have full access to the operating system. On this occasion, Mamba is a ransomware that seeks to directly attack the MBR.

So far, attacks have only been detected in Brazil and Saudi Arabia, but experts expect attacks in Europe very soon. The main measure to protect yourself is to be careful with what we download online and with the emails with attachments that we receive. It is good to keep an eye and avoid being infected by Mamba.