Mamba (also known as HDDCryptor, or by it's variant is a new strain of ransomware that was discovered in September of 2016. It is a Microsoft Windows based application that was found on the hard drives of computers in Brazil, India, and the United States originally by Morphus Labs, an IT security firm based in Brazil. It spreads through phishing emails.


Mamba acts very differently to the ransomware that was previously known, and is similar in operation only to Petya and BadRabbit. Programs such as Cryptolocker, or Locky, would only encrypt files before asking for a payment, while Mamba encrypts the entire hard drive and overwrite the Master Boot Record.

Victims of this infection will find their computers booting to a screen asking for a password, which is the decryption key. The screen also contains a ransom note, asking the user for a payment of 1 bitcoin, along with an ID number generated for the computer and an email at which to request the key.

Unlike Petya, Mamba uses an open source disk encryption tool called DiskCryptor.


How To Remove Mamba Ransomware

How To Remove Mamba Ransomware


Community content is available under CC-BY-SA unless otherwise noted.