
HDD Encrypt Ransomware

By GoldSparrow in Ransomware

The HDD Encrypt Ransomware was discovered by a researcher named Renato Marinho and is reported to be the first Full Disk Encryption (FDE) ransomware on the cryptomalware scene. Malware researchers also refer to the HDD Encrypt Ransomware as the Mamba Ransomware. It paralyzes the infected computer and does not allow the user to reach the desktop or any files. Unlike the Petya Ransomware, which encrypts the Master File Table (MFT) to revoke access to the data while leaving the file contents themselves on disk, the HDD Encrypt Ransomware encrypts at the disk level, so the whole volume becomes unreadable. The HDD Encrypt Ransomware is reported to run as a 'DiskCryptor' process on the compromised PC. DiskCryptor is a legitimate open-source disk encryption tool, so the presence of that process on its own is a lead to investigate rather than proof of infection.

It is not known how the HDD Encrypt Ransomware is propagated, but its operators are likely using exploit kits such as the RIG Exploit Kit and spam mail carrying Trojan droppers. As stated above, the HDD Encrypt (Mamba) Ransomware can lock the entire local drive, and researchers are still looking for weaknesses in its implementation. Analysis is hindered by the full-disk encryption, which hides most of Mamba's footprint once it has finished running. The HDD Encrypt Ransomware may run in the system background, reportedly starting with data that is rarely accessed. The Mamba cryptomalware then locks the remaining data and tightens its grip on the drive by encrypting the files opened during your last session, completing the job on the next system boot.

The ransom screen includes information about the PC's boot manager, such as its manufacturer, as well as statistics on the encrypted drive. The note is not a text file but a screen displayed when the system starts, before any operating system loads. The message displayed by the HDD Encrypt (Mamba) Ransomware reads as follows:

'[Boot Manager version]
[Manufacturer]
PXE-E61: Media test failure, check cable
PXE-M8F Exiting [Boot Manager]
You are Hacked ! H.D.D. Encrypted, Contact Us For Decryption Key (w889901665@yandex.com)
YOURID: [your authentication code]'

Victims are instructed to contact the threat actors by email at w889901665@yandex.com. Researchers who wrote to w889901665@yandex.com were asked to pay 1 Bitcoin, worth about 600 USD at the time. Experts do not encourage payment: the HDD Encrypt Ransomware's operators may never deliver a working decryptor, and you could lose both your money and your data. Instead, seek an alternative such as reinstalling Windows and adding a reputable anti-malware shield. The ideal case is a clean backup image kept off the affected machine from which your data can be restored; because the threat encrypts the whole drive, any backup stored on the same disk is lost with it.
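For responders who reach a machine while the threat is still running (the process indicator above) or who need to record what the boot-time screen shows (the note above), the following Python is an added triage example written for this page; it is not code from the article, from Renato Marinho, or from the malware. The only indicator it uses is the 'DiskCryptor' process name the article reports; the tasklist rows, the victim ID and the PID values are constructed sample data, and the CSV column names are those of `tasklist /FO CSV` on Windows.

```python
import csv
import io
import re

# Indicator taken from the article: the HDD Encrypt / Mamba payload is reported
# to run as a 'DiskCryptor' process. Matched case-insensitively against the
# image name. Any further indicators would be assumptions, so none are added.
PROCESS_INDICATORS = ("diskcryptor",)

# Constructed sample of `tasklist /FO CSV` output (not a real capture).
SAMPLE_TASKLIST = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"System Idle Process","0","Services","0","8 K"
"explorer.exe","1824","Console","1","61,120 K"
"DiskCryptor.exe","3412","Console","1","12,004 K"
"svchost.exe","920","Services","0","18,340 K"
'''


def flag_processes(tasklist_csv, indicators=PROCESS_INDICATORS):
    """Return (image_name, pid) for every row whose image name contains an
    indicator. Run this on a live machine; once the drive is fully encrypted
    and rebooted there is no process list left to inspect."""
    hits = []
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        name = row["Image Name"]
        if any(ind in name.lower() for ind in indicators):
            hits.append((name, int(row["PID"])))
    return hits


# Patterns built from the ransom screen quoted in the article: the contact
# address sits in parentheses after "Contact Us For Decryption Key", and the
# victim identifier follows "YOURID:".
EMAIL_RE = re.compile(r"Contact Us For Decryption Key \(([^)\s]+@[^)\s]+)\)")
ID_RE = re.compile(r"YOURID:\s*(\S+)")

# Constructed transcription of the screen; the YOURID value is made up.
SAMPLE_SCREEN = """PXE-E61: Media test failure, check cable
You are Hacked ! H.D.D. Encrypted, Contact Us For Decryption Key (w889901665@yandex.com)
YOURID: 123456"""


def parse_ransom_screen(text):
    """Extract the operator contact address and victim ID for the incident
    record, returning None for either field that is not present."""
    email = EMAIL_RE.search(text)
    victim_id = ID_RE.search(text)
    return {
        "contact": email.group(1) if email else None,
        "victim_id": victim_id.group(1) if victim_id else None,
    }


if __name__ == "__main__":
    print(flag_processes(SAMPLE_TASKLIST))
    print(parse_ransom_screen(SAMPLE_SCREEN))
```

A hit from `flag_processes` is a reason to isolate the host and image the disk before it reboots, not a verdict on its own, since DiskCryptor is also legitimately installed by some users; the parsed contact address and ID belong in the incident record so nobody has to retype them from a photograph of the screen.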
