Mamba (Malware Family)

Mamba

aka: HDDCryptor, DiskCryptor

According to PCrisk, Mamba is an updated variant of high-risk ransomware called Phobos. After successful infiltration, Mamba encrypts stored files and appends filenames with the ".mamba" extension plus the victim's unique ID and developer's email address.

References

2021-03-23 ⋅ FBI ⋅ FBI
Alert Number CU-000143-MW: Mamba Ransomware Weaponizing DiskCryptor
Mamba

2020-02-25 ⋅ RSA Conference ⋅ Joel DeCapua
Feds Fighting Ransomware: How the FBI Investigates and How You Can Help
FastCash Cerber Defray Dharma FriedEx Gandcrab GlobeImposter Mamba Phobos Rapid Ransom REvil Ryuk SamSam Zeus

2017-08-09 ⋅ Kaspersky Labs ⋅ Anton Ivanov, Orkhan Mamedov
The return of Mamba ransomware
Mamba

2016-09-14 ⋅ Trend Micro ⋅ Stephen Hilt, William Gamazo Sanchez
BkSoD by Ransomware: HDDCryptor Uses Commercial Tools to Encrypt Network Shares and Lock HDDs
Mamba

There is no Yara-Signature yet.

Mamba Propose Change

References

Mamba