FBI TLP White Report: Mamba Ransomware Weaponizing DiskCryptor

March 23, 2021

Mamba ransomware has been deployed against local governments, public transportation agencies, legal services, technology services, industrial, commercial, manufacturing, and construction businesses. Mamba ransomware weaponizes DiskCryptor, an open source full disk encryption software, to restrict victim access by encrypting an entire drive, including the operating system. DiskCryptor is not inherently malicious but has been weaponized. Once the drive is encrypted, the system displays a ransom note that includes the actor’s email address, the ransomware file name, the host system name, and a place to enter the decryption key. Victims are instructed to contact the actor’s email address to pay the ransom in exchange for the decryption key.
