Malware Watch: The Return of Mamba and Locky

16 Aug

The past few months have seen a dramatic increase in the varieties of ransomware, with their effects and influence echoing across the business world.


In 2017 hackers have developed stronger and stronger strains, pushing IT security teams in financial institutions and government offices to patch, secure and back up their files more rigorously than ever before.


Everyone seems well versed in the particularly scary strains of WannaCry, Petya and LeakerLocker, which this year shut down systems in hospitals, manufacturing plants, telecommunications operations and other small and large businesses.


However, before this year's “NewWave” of ransomware attacks, the Mamba and Locky ransomware was doing all the scaring, leaving IT managers quaking in their boots throughout 2016. For all of you who thought we had at least seen the back of them, we’re sorry, we have some bad news. They’re back.


A Lock to do about nothing:


Surfacing in 2016, Locky has been among the most widely distributed ransomware ever, and at one point was the largest. It was a headache for IT managers then and is again now, having resurfaced earlier this month. A resurgent Locky Diablo6 has found a renaissance through a large email spam campaign. Although it is too early to tell whether this is an attempt to become a large player again or just a passing fad, it is infecting unpatched and unsecured networks.


Locky Diablo6 tricks victims into clicking malicious email attachments, then encrypts nearly all files on the victim’s computer. The current malware campaign distributes emails with a malicious Word attachment. The telltale signs are subject titles structured like E(random_number).docx and a simple message: “File Attached. Thanks”.


Taken from BleepingComputer.com
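A mail-gateway style check for the telltale signs described above, as an added example that is not part of the original article: it flags a message when at least two of the subject, attachment name and body match. The regex is an assumed reading of "E(random_number).docx", and the function names and sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Assumed reading of the article's "E(random_number).docx": the letter E, then
# digits (optionally in parentheses), then .docx. Tune against real samples.
NAME_RE = re.compile(r"^E\s*\(?\d+\)?\.docx$", re.IGNORECASE)
BODY_RE = re.compile(r"^\s*file attached\.?\s*thanks\.?\s*$", re.IGNORECASE)
DOCX = "vnd.openxmlformats-officedocument.wordprocessingml.document"

def indicators(raw):
    """Return which campaign indicators a raw email message matches."""
    msg = message_from_string(raw)
    hits = []
    if NAME_RE.match((msg.get("Subject") or "").strip()):
        hits.append("subject")
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if filename:
            if NAME_RE.match(filename.strip()):
                hits.append("attachment")
        elif part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            text = payload.decode(part.get_content_charset() or "utf-8", "replace")
            if BODY_RE.match(text):
                hits.append("body")
    return hits

def should_quarantine(raw):
    """Require two independent indicators so one short phrase alone is not enough."""
    return len(set(indicators(raw))) >= 2

def build_sample(subject, body, attachment=None):
    """Build a constructed test message; the attachment bytes are a placeholder."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content(body)
    if attachment:
        msg.add_attachment(b"constructed placeholder", maintype="application",
                           subtype=DOCX, filename=attachment)
    return msg.as_string()

if __name__ == "__main__":
    lure = build_sample("E(48213).docx", "File Attached. Thanks", "E(48213).docx")
    benign = build_sample("Q3 report", "Hi, the report is attached.", "report.docx")
    for name, raw in (("lure", lure), ("benign", benign)):
        print(name, indicators(raw), should_quarantine(raw))
```

Requiring two matching indicators keeps a legitimate mail that merely says "File attached, thanks" out of quarantine while still catching the combined pattern.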

Once files are encrypted by the Diablo6 variant, they cannot be decrypted. The only way to combat infections is by maintaining regular backups. This particular strain demands a sum of 0.49 Bitcoin (or $2,079) to restore the victim’s files. Locky distribution has also infected companies in Thailand.


source: https://blog.fortinet.com/2017/08/14/locky-strikes-another-blow-diablo6-variant-starts-spreading-through-spam


The return of the Mamba


Mamba is a very powerful form of ransomware that encrypts the entire hard drive on infected devices, not just certain files, rendering the complete computer unusable until the ransom is paid. The Mamba virus was unique on release, as it appeared to be motivated by destruction rather than extortion and did not request Bitcoin payment. However, the new strain appears to be unlockable using a key.


It first came to public attention late last year after a major attack on the San Francisco Transportation Agency, which shut down ticket machines and forced major delays over the Thanksgiving weekend.


Security firm Kaspersky has found a new campaign distributing Mamba that is targeting corporate networks in Brazil and Saudi Arabia. It is unclear how the ransomware is finding its way into corporate networks, but it is suspected that it may be using exploit kits or arriving through malicious email attachments.


An infected computer shows the below screen, with no immediate pressure for payment.


Source: http://thehackernews.com/2017/08/locky-mamba-ransomware.html

