Mamba Ransomware: FBI warns of growing risk of this threat

On Tuesday, March 23, the FBI published considerations and concerns about the growth of Mamba ransomware attacks against government and private sector organizations.

Details

This week (Tuesday, March 25), the US Federal Bureau of Investigation issued a private industry threat notification to US organizations warning of attacks carried out by the Mamba ransomware gang. The notification includes defensive measures to consider and basic information on how organizations can recover from an attack if the intrusion is detected in its early stages.

In their alert on Tuesday, FBI officials said the ransomware "has been deployed against local governments, public transportation agencies, legal services, technology services, industrial, commercial, manufacturing and construction companies." In the past, perhaps as collateral damage, these campaigns reached Latin America. That is why DEFENSIONE is issuing this early warning, anticipating possible future attacks related to this adversary.

Mamba has been known as HDDCryptor since mid-2016. Its best-known case (in 2018) is the infection of the Moscow cable car system, which disrupted its normal operation.

WHAT DO WE KNOW ABOUT MAMBA?

A reloaded ransomware

On November 30, 2018, open sources reported that Moscow's new cable car system was infected with ransomware two days after its launch. The infection started on Wednesday, November 28, 2018 and infected the servers of the Moscow Ropeway (MKD), which was tasked with configuring and managing the cable car service. MKD temporarily suspended cable car service once they realized their systems were under attack and were given the go-ahead to restore service on November 30, 2018.

The group had been silent until the last 60 days. DefensiONE has observed growth in new known hashes that show a direct relationship with Mamba, with March 24 being, so far, the highest peak of new related hashes. Mamba shows changes in its new versions; however, they appear to be small updates made over the years, and its basic principles have remained the same: it first encrypts the data on the victim's hard drive and then rewrites the MBR (Master Boot Record) section of the disk.
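Because the final step described above is a rewrite of the MBR, comparing the first disk sector against a known-good baseline is one way to notice that step. The following is an added example, not part of the original note or of DefensiONE's tooling; the function names and the sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR, BOOT_CODE_LEN, SIGNATURE = 512, 446, b"\x55\xaa"


def parse_mbr(sector: bytes) -> dict:
    """Return boot-code hash, signature status and partition entries of an MBR."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):  # four 16-byte entries follow the 446-byte boot code
        off = BOOT_CODE_LEN + 16 * i
        status, ptype, lba, count = struct.unpack("<B3xB3xII", sector[off:off + 16])
        if ptype:  # type 0x00 marks an unused slot
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba, "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "signature_ok": sector[510:] == SIGNATURE,
            "partitions": partitions}


def compare_to_baseline(baseline: bytes, current: bytes) -> list:
    """List what differs between a known-good MBR and the current one."""
    base, cur = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not cur["signature_ok"]:
        findings.append("boot signature missing")
    if cur["boot_code_sha256"] != base["boot_code_sha256"]:
        findings.append("boot code changed")
    if cur["partitions"] != base["partitions"]:
        findings.append("partition table changed")
    return findings


def build_sample(boot_code: bytes) -> bytes:
    """Constructed 512-byte sector: filler boot code plus one NTFS-type entry."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + entry + b"\x00" * 48 + SIGNATURE


# Constructed samples, not real disk contents.
BASELINE = build_sample(b"constructed-baseline-loader")
TAMPERED = build_sample(b"constructed-replaced-loader")

if __name__ == "__main__":
    print(compare_to_baseline(BASELINE, BASELINE))  # clean disk
    print(compare_to_baseline(BASELINE, TAMPERED))  # rewritten boot code
```

On a live host the 512 bytes come from reading the first sector of the raw disk device with administrative rights, and the baseline must be captured while the host is known to be clean.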


© 2021 by DEFENSIONE. Cybersecurity | Defense and Response. Developed by BALUTEK.