After WannaCry, Mamba and Locky ransomware return to India

Mamba ransomware attack is known to be the nastiest malware of all, as instead of affecting files, it takes over the entire hard disk.

In today’s time, cyberphobia seems absolutely legitimate. There are phenomenons like the Blue Whale challenge, hacks (think of the repeated HBO and Game of Thrones attack, Yahoo servers hack, Pokémon Go server hack), and then the ransomware attacks, that include WannaCry, Petya, EternalRocks, among others. Just earlier today, it was reported that the WannaCry ransomware has unfortunately found its way to Delhi, wherein 200 systems were found to be affected. And now inching us closer to the phobia, the nasty Mamba or HDDCryptor ransomware has returned to India.

Kaspersky Labs, Trend Micros, and other security researchers confirmed the rise of Mamba and Locky, when the havoc was being caused in Brazil and Saudi Arabia earlier this month. However, it has now been found that both these ransomware are hitting organizations, and users in India.

What is Mamba ransomware?

Mamba ransomware is believed to be the worst of all malware as it encrypts hard drives, instead of just files. It scrambles every sector on the hard drive, including the Master File Table (where information about every file, and directory on a hard drive is stored), the operating system, shared files, and personal data. The malware installs, and activates a copy of the open source software DiskCryptor. DiskCryptor is a Full Disk Encryption (FDE) tool. Once DiskCryptor encrypts a disk, it asks for a password every time a machine reboots. This password is then used to encrypt everything you may write on the HDD, and decrypt anything that you want to read.

So basically, Mamba uses DiskCryptor, and crypts the HDD and a user would have no idea about the password. Hence, he/she has no other option than to pay the ransom, else they will lose their data. So, every time a user boots up their machine, they’d receive a message alerting them about the encryption, and asks them to purchase the decryption key.

What is Locky ransomware?

The Locky ransomware, on the other hand, has been one of the largest distributed ransomware, and it works by tricking victims into downloading an attachment. The attachment composes of scrambled, unreadable text with a title asking a user to enable macros (for Microsoft Word). When the victim does so, Locky gets executed and renames all the important files so that they have the extension .locky after encryption. Users can use their system for internet browsing, and other general stuff, but all their important files are rendered inaccessible. Locky demands a ransom amount of 0.25-1 Bitcoin, whereas, Mamba doesn’t have a fixed ransom.

When were Mamba and Locky first spotted?

Mamba was first spotted in September 2016, when experts discovered the infection of machines belonging to an energy company in Brazil with subsidiaries in the United States and India. At that time Bitcoin was valued at $650. At present, Bitcoin costs a mind boggling $4,000, which means, for an Indian hit by the ransomware, will have to shell out over Rs 250,000 per Bitcoin.

Locky ransomware was first released in 2016, it was delivered through email. The victim received an email masquerading as a company’s invoice, and containing a Microsoft Word file. On opening the file, the user sees that the content is scrambled and a message that states “Enable macro if data encoding is incorrect,” a social engineering technique. 

How can you protect yourself?

Giving a word of advice, Ankush Johar, Director at HumanFirewall says, “Prevention is better than cure. Backup, Backup, Backup! Even if the Ransomware affects you, the backup will protect your digital assets. After taking backups regularly, take them offline, where possible.”

“Phishing is at the heart of these ransomware attacks. This is easiest and the most common point of entry. Humans are the weakest link in cyber security and malicious actors know this all too well. If an organization wants to safeguard its digital assets, create a discipline around Backups, and taking them offline for storage.”

Besides that, there are some other things you must keep in mind to stay safe from some attacks. Firstly, always use the latest operating system. Make sure your automatic updates are enabled, and downloaded regularly. Also, ensure firewall is enabled to block all network based attacks. Further, considering how Locky works, never click or download anything on emails from untrusted sources; make sure the email is from a trusted party, only then download the attachments. Finally, use a proper, regularly updated Antivirus.

Source:BGR