Cybercriminals have exploited a weakness in encryption software and have used it to deploy Mamba ransomware into computers, according to a March 23 news release from the FBI.
Mamba ransomware is able to weaponize the full disk encryption software DiskCryptor. The ransomware campaign takes over the network, restricting access to the entire drive and operating system and displaying a ransom note requesting money in exchange for the decryption key.
The FBI discourages paying ransoms, as it does not guarantee a victim will get their data back and it encourages cybercriminals.
Ten guidelines to protect your organization against Mamba Ransomware:
- Regularly back up data and have password protections for backup copies offline. Ensure critical data is not able to be modified or deleted from the network it is on.
- Implement network segmentation by splitting the network into subnetworks.
- Require administrator credentials to install software.
- If DiskCryptor is not used by the organization, add the key artifact files used by DiskCryptor to the organization's blacklist. Installing DiskCryptor should be avoided.
- Install patch updates as soon as they are released.
- Implement a recovery plan to maintain critical data offline or on a different network.
- Audit user accounts with administrative privileges and allow access controls with the least privilege necessary.
- Add an email banner to messages coming from outside your organizations.
- Provide ample training to educate staff on cyberthreats.
- Regularly change passwords and implement the shortest acceptable time frame for password changes.
To read the full list of recommendations, click here.