Ransomware that hit San Francisco's transit system resurfacing in Brazil, Saudi Arabia: report

Ransomware that hit San Francisco's transit system resurfacing in Brazil, Saudi Arabia: report
© Getty Images

Researchers at Kaspersky Labs say companies in Saudi Arabia and Brazil are being targeted by Mamba — the same ransomware that struck the San Francisco Municipal Transportation Agency (SFMTA) in November.

Mamba encrypts hard drives using a legitimate tool called DiskCryptor and charges for the decryption key. 

ADVERTISEMENT
In November, Mamba infected 900 office computers used by the SFMTA, demanding $73,000 to decrypt them. As a precaution, the mass transit group offered free rides while it mitigated the ransomware.  

Experts recommend that users keep system backups in case of ransomware attacks, and often caution that paying a ransom is no guarantee criminals will uphold their end of the bargain.