Mamba ransomware is able to weaponize the full disk encryption software DiskCryptor. The ransomware campaign takes over the network, restricting access to the entire drive and operating system and displaying a ransom note requesting money in exchange for the decryption key.
The FBI discourages paying ransoms, as it does not guarantee a victim will get their data back and it encourages cybercriminals.
Ten guidelines to protect your organization against Mamba Ransomware:
- Regularly back up data and keep password-protected backup copies offline. Ensure critical data cannot be modified or deleted from the network it is on.
- Implement network segmentation by splitting the network into subnetworks.
- Require administrator credentials to install software.
- If DiskCryptor is not used by the organization, add the key artifact files used by DiskCryptor to the organization’s blacklist. Installing DiskCryptor should be avoided.
- Install patch updates as soon as they are released.
- Implement a recovery plan to maintain critical data offline or on a different network.
- Audit user accounts with administrative privileges and configure access controls with the least privilege necessary.
- Add an email banner to messages coming from outside your organization.
- Provide ample training to educate staff on cyberthreats.
- Regularly change passwords and implement the shortest acceptable time frame for password changes.
To read the full list of recommendations, click here.