We regret to inform you that we will no longer be publishing Health Data Management. It has been an honor to provide you with the insights and connections to move your career forward. We wish you continued success on your professional journey and welcome you to explore our other titles at www.arizent.com/brands.

New virus disables computers by encrypting hard drives

A new strain of ransomware, called Mamba, is circulating through multiple industries, including healthcare, and crippling computers by encrypting entire hard drives.

So far, there really isn’t much that can be done except pay the ransom to gain a key to decrypt the hard drive, experts say.

Ironically, Mamba emulates protections found in commercial data security products, but uses the protections against the victim, says Keith Fricke, a partner and principal consultant at tw-Security.

In the past, ransomware has targeted individual files or folders. If an organization was victimized, it could still boot up the computer, open Windows, log into Word or some other software program, and access or create files—access was only restricted to files or folders that the ransomware encrypted.

Now, it’s the entire hard drive that is encrypted “and that’s a lot more crippling because you don’t have access to Windows or files,” Fricke warns.

Also See: Nearly half of cloud-based malware delivers ransomware

Mamba totally disables a computing device because it won’t even let Windows load until the ransom is paid, Fricke explains, “So your machine is completely disabled.”

For now, it isn’t known to what extent Mamba affects network servers, but if it does or soon will, that would be even more painful for victims, he notes. “At least with conventional ransomware, the computer is still usable; the encrypted data is what is unavailable. With Mamba, the infected workstation is rendered inoperable. If Mamba were able to apply full disk encryption to a network server, all the users of that server would be impacted.”

Infected computers will display a message demanding ransom along with a web address to a site that explains how to pay the ransom. “So if you don’t have another computer to send email, you will have to find another or use your cellphone,” Fricke advises. “But don’t open the same attachment you opened that gave you Mamba.”

At this time, it looks like there is no way of getting around paying the ransom, Fricke believes. An organization with backups will have to reformat the hard drive, reinstall Windows, reinstall all software programs, and then restore data if it was backed up.

For reprint and licensing requests for this article, click here.