Sneaky ransomware attack
Mamona, Polish slang for "money," sneaks into your computer. It gets by your antivirus defenses because it never "phones home" and quickly erases itself.
The new Mamona ransomware can get past your antivirus software and other defenses in all probability. When that happens, all your files will be locked up. Your business grinds to a sudden halt.
How does Mamona do that? It gets past your antivirus protection because, unlike all other ransomware, it never "phones home." That is very unusual behavior.
Mamona poses a particular threat to small firms because it is typically used by small-time cyber criminals. They purchase this commodity ransomware anonymously and choose their own victims. That approach differs from big ransomware gangs that target large businesses and use coordinated departments for breaching, infecting, reconnoitering and negotiating in the course of their ransomware attacks.
Small-time cybercriminals are much more likely to go after smaller targets seeking quick ransom pay-offs. With Mamona they have a threat that uses new methods to avoid detection. Standard antivirus software common in small businesses is no match for it.
Good news about Mamona ransomware
If unfortunately you become a victim of a Mamona attack, There is some excellent news. While good news is good, bear in mind that ransomware continually adapts and spawns new variants. If you are struck by an never-before-seen Mamona variant, none of the news may be good.
First good news: Mamona claims in its ransomware message on your computer that it has stolen your files and will expose them. It cannot do that. The threat is empty because it cannot "phone home" and transfer your files. All it can do is lock up your files with encryption. If you have good backups, you likely can recover rather quickly without paying a ransom.
Second good news: Mamona's encryption is weak. A decrypter has already been created to unlock your files. Currently there is no free decrypter. The companies now offering Mamona decrypters require a payment and you cannot be sure they will be effective.
If you are hit by Mamona, I recommend checking the best free decrypter sources first:
More listed at UpGuard
If those sources do not have a Mamona decrypter, contact the first company to publish about the Mamona threat, ANY.RUN
Third good news: Mamona is not "slow ransomware," which lies in wait, encrypting small batches of files each day for months. That tactic fills your backups with encrypted files making full recovery difficult or impossible. Mamona strikes immediately. That means your most recent backup likely is a good one, unless your backups are exposed. For example, if your backups are on a USB drive or an active network share, ransomware can lock all of them up along with your other files.
Here at SecureMyFirm Inc., we want you to be safe. We offer ransomware-proof cloud backups. We also protect you with special layers of defense that catch attacks missed by your antivirus software. Send us a message to get started with superior protection.