FBI TLP White Report: Mamba Ransomware Weaponizing DiskCryptor March 23, 2021

Mamba ransomware has been deployed against local governments, public transportation agencies, legal services, technology services, industrial, commercial, manufacturing, and construction businesses. Mamba ransomware weaponizes DiskCryptor—an open source full disk encryption software— to restrict victim access by encrypting an entire drive, including the operating system. DiskCryptor is not inherently malicious but has been weaponized. Once encrypted, the system displays a ransom note including the actor’s email address, ransomware file name, the host system name, and a place to enter the decryption key. Victims are instructed to contact the actor’s email address to pay the ransom in exchange for the decryption key. View the entire report under Key Resources.