While Mamba isn't a particularly common form of ransomware, it claimed a high-profile victim in the form of the San Francisco Municipal Transportation Agency in November last year. The attack forced the operators to temporarily open the gates of ticket barriers and allow passengers to travel on the trains for free in order to minimise disruption.
The effectiveness of the ransomware stems partially from its use of a legitimate open source software tool, DiskCryptor, to fully lock down the hard drives of targeted organisations. Mamba first appeared in September 2016 and mainly targets corporates and other large organisations.
Whereas other forms of ransomware usually have a set ransom, the attackers behind Mamba alter their demand depending on the number of systems infected.
"For every victim this group is demanding different amounts of bitcoins. This depends on how many endpoints and servers were affected," Anton Ivanov, Senior Malware Analyst at Kaspersky Lab, told ZDNet.