The Federal Bureau of Investigation (FBI) this week published an alert to warn of the fact that the Mamba ransomware is abusing the DiskCryptor open source tool to encrypt entire drives, including the operating system.
Also referred to as HDDCryptor and HDD Cryptor, the ransomware has been around for roughly half a decade, and has been abusing DiskCryptor for nearly as long.
An open source tool, DiskCryptor was designed to provide users with the option to encrypt all disk drives, including the system partition. Claiming to provide a better alternative to Microsoft’s BitLocker, the application was released with the purpose of helping users keep their data secure.
The Mamba ransomware, however, is abusing the open source application for malicious purposes, and has been doing so in a multitude of attacks.
[ ALSO READ: Sierra Wireless Says Ransomware Disrupted ]
Some of these incidents, the FBI warns, targeted local governments, legal and technology services, public transportation agencies, and industrial, commercial, manufacturing, and construction entities.
“Mamba ransomware weaponizes DiskCryptor—an open source full disk encryption software—to restrict victim access by encrypting an entire drive, including the operating system,” the FBI notes, adding that DiskCryptor is not a malicious application by nature.
“The ransomware program consists of the open source, off-the-shelf, disk encryption software DiskCryptor wrapped in a program which installs and starts disk encryption in the background using a key of the attacker’s choosing,” the FBI explains.
Upon the installation of DiskCryptor, the system is restarted. Afte ..
Support the originator by clicking the read the rest link below.
