By Danny Palmer
A powerful form of ransomware, which encrypts whole hard drives instead of just files, has suddenly returned — and there’s no way for victims to decrypt the data. Similar tactics have been used in other ransomware attacks, most notably Petya, which experts said was designed to outright destroy data rather than generate ransom money.
The return of Mamba ransomware has been flagged by Kaspersky Lab. Its return comes after researchers recently suggested that ransomware designed for destruction, rather than extorting a Bitcoin ransom for profit, is set to become the new normal.
While Mamba isn’t a particularly common form of ransomware, it claimed a high-profile victim in the form of the San Francisco Municipal Transportation Agency in November last year. The attack forced the operators to temporarily open the gates of ticket barriers and allow passengers to travel on the trains for free in order to minimise disruption.
The effectiveness of the ransomware stems partially from its use of a legitimate open source software tool, DiskCryptor, to fully lock down the hard drive of targeted organisations. Mamba first appeared in September 2016 and mainly targets corporates and other large organisations.