The Federal Bureau of Investigation (FBI) published an alert to warn that the Mamba ransomware is abusing the DiskCryptor open-source tool (aka HDDCryptor, HDD Cryptor) to encrypt entire drives.
Mamba ransomware is one of the first malware that encrypted hard drives rather than files that was detected in public attacks. Mamba leverages a disk-level encryption strategy instead of the conventional file-based one.
The first sample of Mamba Ransomware discovered in the wild was using the full disk encryption tool DiskCryptor to strongly encrypt the data. DiskCryptor allows users to encrypt all disk drives, including the system partition, it is an alternative to Microsoft’s BitLocker.