
Mamba Ransomware Leverages DiskCryptor for Encryption, FBI Warns
2021-03-25 15:36

The Federal Bureau of Investigation this week published an alert warning that the Mamba ransomware is abusing the open source tool DiskCryptor to encrypt entire drives, including the operating system.

Mamba has abused the open source application for malicious purposes in a multitude of attacks.

"Mamba ransomware weaponizes DiskCryptor - an open source full disk encryption software - to restrict victim access by encrypting an entire drive, including the operating system," the FBI notes, adding that DiskCryptor is not a malicious application by nature.

"The ransomware program consists of the open source, off-the-shelf, disk encryption software DiskCryptor wrapped in a program which installs and starts disk encryption in the background using a key of the attacker's choosing," the FBI explains.

The FBI notes that the ransomware saves the encryption key, along with the shutdown time variable, to a configuration file named myConf.

"The FBI does not encourage paying ransoms. Payment does not guarantee files will be recovered. It may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities," the FBI notes.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/33oFGeMNbuw/mamba-ransomware-leverages-diskcryptor-encryption-fbi-warns