A new strain of ransomware, called Mamba, is circulating through multiple industries, including healthcare, and crippling computers by encrypting entire hard drives.
So far, there really isn’t much that can be done except pay the ransom to gain a key to decrypt the hard drive, experts say.
Ironically, Mamba emulates protections found in commercial data security products, but uses the protections against the victim, says Keith Fricke, a partner and principal consultant at tw-Security.
In the past, ransomware has targeted individual files or folders. If an organization was victimized, it could still boot up the computer, open Windows, log into Word or some other software program, and access or create files—access was only restricted to files or folders that the ransomware encrypted.
Now, it’s the entire hard drive that is encrypted “and that’s a lot more crippling because you don’t have access to Windows or files,” Fricke warns.
Mamba totally disables a computing device because it won’t even let Windows load until the ransom is paid, Fricke explains, “So your machine is completely disabled.”
For now, it isn’t known to what extent Mamba affects network servers, but if it does or soon will, that would be even more painful for victims, he notes. “At least with conventional ransomware, the computer is still usable; the encrypted data is what is unavailable. With Mamba, the infected workstation is rendered inoperable. If Mamba were able to apply full disk encryption to a network server, all the users of that server would be impacted.”
Infected computers will display a message demanding ransom along with a web address to a site that explains how to pay the ransom. “So if you don’t have another computer to send email, you will have to find another or use your cellphone,” Fricke advises. “But don’t open the same attachment you opened that gave you Mamba.”
At this time, it looks like there is no way of getting around paying the ransom, Fricke believes. An organization with backups will have to reformat the hard drive, reinstall Windows, reinstall all software programs, and then restore data if it was backed up.
Register or login for access to this item and much more
All Health Data Management content is archived after seven days.
Community members receive:
- All recent and archived articles
- Conference offers and updates
- A full menu of enewsletter options
- Web seminars, white papers, ebooks
Already have an account? Log In
Don't have an account? Register for Free Unlimited Access