Disk-Locking Mamba/HDDCryptor Ransomware Is Back Again

Disc locking Mamba/HDDCryptor has makes a comeback:

Mamba was the first example of Ransomware that encrypted hard drives instead of files that was recognized in public attacks, firstly against organization in Brazil and in a high-profile invasion against the San Francisco Municipal Transportation Agency last November. This Ransomware is also identified as HDDCryptor Ransomware, it rewrites a computer’s MBR (Master Boot Record) sectors and locks users out of their own PCs.

Analysts at Kaspersky Lab have noticed an activities started on 9 august has brought Mamba/HDDcrptor in the spotlight. In a report that another variant of Mamba infection has made a comeback in Brazil, Saudi Arabia and India.

A ransom note appears on screen demands no money unlike the original Mamba infections. Instead, it just claims that data has been encrypted and they have provided two email addresses and an ID number in order to recover the encryption key.

Unluckily there is no other option to decrypt data that has been encrypted with the DiskCryptor because they have utilized a strong encrypting algorithms. The report has suggested that the group behind this malicious infection attacks Brazil and Saudi Arabia has used the PSEXEC utility to make the malware run in the corporate network once it has a foothold. 

“It has to be mention that for each machine in a victim’s network, the threat generates a password for the DiskCryptor use,”. This password is passed via command line arguments to the ransomware dropper.

The malware is the most recent example expanding a pattern of attackers camouflaging damage inside a Ransomware attack, which started with Petya and locky in mid-2016 and topped in the current year with the ExPetr/NotPetya wiper malware attacks. It's obscure who is behind the latest Mamba attack, regardless of whether it's a country state or a criminal venture.

"Examination on a sample of 62,000 email links to the 'IKARUSdilapidated' crusade by Comodo Threat Intelligence Lab uncovered an advanced foe using 11,625 different IP addresses to spread crosswise over 133 unique nations like Vietnam, India, Mexico, Turkey and Indonesia,".

 Also Read: SupTab Adware – How To Remove PUP.SupTab From Computer? 

Ransomware-based programs are generally unsafe and vindictive. This is one of the speediest developing sorts of infections on the planet. There are different subtypes of Ransomware:

1. Mobile-based Ransomware – these projects attack cell phones, bolt their screens up and after that demand ransom for making the screens open to the casualty users once more.
2. Screen locking Ransomware – what is run of the mill of this subtype is the way that no files are truly encoded. Such a program match with mobile Ransomware, however, trouble the PCs. Just the screen is locked and after that ransom amount is needed for opening or unlocking it.
3. Government-misused Ransomware – some state security offices utilize Ransomware-based programs to battle cybercrime, for instance, or violation of copyright policies. The program would lock up the criminal's PC and a fine will be required for decrypting it.
4. The renowned file locking Ransomware – this is the most broadly spread kind of infections. The ones of this subgroup contaminate your PC, gather information about the files you utilize most and after that encrypt them, mostly with a double key. This current key's two sections are distinctive – the Public one you get directly after the process of encoding your documents has been done. For the second part the programmers, who are assaulting you, need payment and you get an exceptional notice on your screen telling you, how and in what money you should pay (mainly in bitcoins). There could even be a particular due date expressed on that note, if you fail to pay ransom on the given date and time then the amount will be doubled or they will delete your data for not paying the ransom as it is of no use for them.
5. HDD-encrypting Ransomware – these infections normally focus on your HDD, changing the Master Boot Record with the goal that you are not in any case ready to boot your PC into Windows.

What may work in the battle against such an infection?

Unfortunately, the fact of the matter is such a variant of malware is a great difficulty to be neutralized. The influenced users may require exceptional counsel or tips from an expert or the assistance of a great anti-malware to win such a fight against Mamba Ransomware. What is considerably more irritating is the fact that even after paying the asked ransom may not be what it takes to set your encrypted files free. The programmers may very well disappear with your cash and leave your encrypted data blocked for forever. That is the reason we prescribe that you don't decide to quickly pay the requested ransom. What we can encourage you to do is to endeavor to cure this dreadful tainting with the assistance of different means – software, tools, tips or the help of specialists. Have a go at everything before you continue with giving your cash to hoodlums, in light of the fact that paying them may even be viewed as a wrongdoing.

You may endeavor to save your documents and devastate the infection by means of utilizing our own Removal Guide on this page. We don't guarantee that these tips will enable you to decrypt your files, however they will absolutely help to remove Mamba. In any case, it won’t hurt you if you attempt as you don't have anything to lose. Another conceivable choice which is fairly savvy is to go and see an expert who has managed comparable infection in the recent time. Such specialists could be an awesome help since they may have their own particular know-how.

Download Free Removal Tool

 Also Read: Istartsurf.com Virus – How To Remove Istartsurf Browser Redirect? 

How to temporarily disable Mamba Ransomware in Safe Mode with Command Prompt:

Step – 1 (enter safe mode)

1. Steps to be followed to enter the safe mode Win XP/Vista/7
2. Click start, then shutdown, then restart.
3. While the computer is booting up at the very first screen start tapping F8 until you see the advanced boot options.
4. In the advanced boot option’s, you need to select safe mode with Command prompt from the list of given options.

Steps to be followed to enter safe mode in Win 8/10.

1. On the windows login screen, you need to press the power option.
2. Now, press and hold the shift key on the keyboard, and then click restart.
3. Now, among the list of options you need to select Troubleshoot, and then advanced options, then startup settings and finally press restart.
4. Once your computer restarts and gives you the list of startup options you need to select Enable Safe Mode with Command prompt. 

Step – 2 (Restore system)

1. Once you see the command prompt windows, type in cd restore and hit enter on the keyboard.
2. Now, type rstrui.exe and hit Enter again.
3. Then you would see new windows, click on next over there and select a restore point that is before the date of infection.
4. Then, click next and followed by yes.
5. After temporarily disabling the ransomware, we need to create a strong firewall to fight against such intrusions and prevent them in future.