Mamona ransomware lowers the bar with offline encryption
Mamona is a simple “commodity” ransomware strain that works completely offline, lowering the barrier to entry for less sophisticated attackers, threat intelligence analyst Mauro Eldritch reported in an analysis of the strain published Tuesday on the ANY.RUN blog.
In contrast to ransomware-as-a-service (RaaS) schemes, where the ransomware developer works with affiliates and takes a cut of the profits, commodity ransomware operators simply sell the ransomware builder without any further contract.
In the case of Mamona, attackers don’t even need to set up command-and-control (C2) infrastructure, as the ransomware works completely offline, encrypting files using a “homemade” routine that does not rely on standard cryptographic libraries or APIs.
Read more at SC Media