win.mamba

Mamba

aka: HDDCryptor, DiskCryptor

According to PCrisk, Mamba is an updated variant of high-risk ransomware called Phobos. After successful infiltration, Mamba encrypts stored files and appends filenames with the ".mamba" extension plus the victim's unique ID and developer's email address.

References
2021-03-23, FBI, FBI
Alert Number CU-000143-MW: Mamba Ransomware Weaponizing DiskCryptor
https://www.ic3.gov/Media/News/2021/210323.pdf (accessed 2021-03-25)
Families: Mamba

2020-02-25, RSA Conference, Joel DeCapua
Feds Fighting Ransomware: How the FBI Investigates and How You Can Help
https://www.youtube.com/watch?v=LUxOcpIRxmg (accessed 2020-03-04)
Families: FastCash Cerber Defray Dharma FriedEx Gandcrab GlobeImposter Mamba Phobos Rapid Ransom REvil Ryuk SamSam Zeus

2017-08-09, Kaspersky Labs, Anton Ivanov, Orkhan Mamedov
The return of Mamba ransomware
https://securelist.com/the-return-of-mamba-ransomware/79403/ (accessed 2019-12-20)
Families: Mamba

2016-09-14, Trend Micro, Stephen Hilt, William Gamazo Sanchez
BkSoD by Ransomware: HDDCryptor Uses Commercial Tools to Encrypt Network Shares and Lock HDDs
http://blog.trendmicro.com/trendlabs-security-intelligence/bksod-by-ransomware-hddcryptor-uses-commercial-tools-to-encrypt-network-shares-and-lock-hdds/ (accessed 2020-01-09)
Families: Mamba

There is no Yara-Signature yet.