Mamba Ransomware Analysis

Discover Actionable Threat Intelligence from LogRhythm Labs

In September 2016, a strain of ransomware named Mamba that performed full disk encryption was discovered in the wild. This ransomware strain now appears to be recirculating.

The ransomware includes a DiskCryptor tool capable of using strong encryption algorithms, making recovery of the encrypted disk content next to impossible.

Read the full LogRhythm Labs threat intelligence to learn:

  • How Mamba ransomware executes
  • The Base64 encoding Mamba uses
  • LogRhythm signatures for Mamba detection