

Mamai is the name of a ransomware-type program. It is part of the MedusaLocker ransomware family. Once we executed a sample of Mamai on our test machine, it began encrypting files and appended an extension to their filenames. An original filename like "1.jpg" appeared as "1.jpg.mamai10", "2.png" as "2.png.mamai10", etc. It is pertinent to mention that the number in the extension may vary depending on the ransomware's variant. After the encryption process was finished, this ransomware created a ransom-demanding message – "How_to_back_files.html" – and dropped it onto the desktop.

Based on the note therein, it is evident that Mamai targets companies rather than home users. Mamai's ransom note states that the victim's company network has been compromised. The files were encrypted using RSA and AES cryptographic algorithms.
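The filename pattern and ransom note name described above can be turned into a quick triage scan of a file share or disk image mount. The following is an added example, not code from the original analysis; the function names, the sample tree and the variant number 7 are constructed for illustration.

```python
import re
import tempfile
from collections import Counter
from pathlib import Path

# Patterns taken from the description above: ".mamai" followed by a
# variant number, and the ransom note file name (compared case-insensitively).
ENCRYPTED_RE = re.compile(r"^(?P<original>.+)\.mamai(?P<variant>\d+)$", re.IGNORECASE)
NOTE_NAME = "how_to_back_files.html"


def triage(root):
    """Walk root and report files matching the Mamai naming pattern."""
    report = {"encrypted": [], "notes": [], "variants": Counter()}
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        if path.name.lower() == NOTE_NAME:
            report["notes"].append(path)
            continue
        m = ENCRYPTED_RE.match(path.name)
        if m:
            # Keep the pre-encryption name so backups can be matched to it.
            report["encrypted"].append((path, m.group("original")))
            report["variants"][int(m.group("variant"))] += 1
    return report


def build_sample_tree(root):
    """Constructed sample data: empty files named as in the description."""
    root = Path(root)
    (root / "Desktop").mkdir()
    (root / "Docs").mkdir()
    for name in ("Desktop/How_to_back_files.html", "Docs/1.jpg.mamai10",
                 "Docs/2.png.mamai10", "Docs/report.docx.mamai7", "Docs/notes.txt"):
        (root / name).touch()
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        result = triage(build_sample_tree(tmp))
        print("ransom notes:", [str(p) for p in result["notes"]])
        print("variant numbers seen:", dict(result["variants"]))
        for path, original in result["encrypted"]:
            print(f"{path} (original name: {original})")
```

Matching on `\d+` rather than a fixed number keeps the scan valid across variants, and the per-variant count shows whether more than one build touched the same host.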
