A new and extremely dangerous cyber threat has emerged: Mamona ransomware, which can operate without any internet connection. Security experts say that this malware locks system files without any online command and also erases the evidence, which makes it very difficult to identify.
It attacks even without an internet connection
Mamona is completely different from traditional ransomware. While other ransomware works by taking commands from a remote server, Mamona encrypts files without any internet connection. By misusing the Windows ping command, it creates local encryption keys, which makes it effective even on air-gapped systems, i.e. systems completely isolated from the internet. According to cyber security expert Nihar Pathare, "Ransomware like Mamona is proving that even offline systems are no longer safe. Such dangerous software can dodge any security mechanism by evading network monitoring."
How does Mamona spread?
According to cyber experts, Mamona usually spreads through physical devices such as USB drives or external hard disks. As soon as a user connects the infected device to the system, the malware is activated automatically. This ransomware often uses hidden files, auto-run scripts, or code that deceives antivirus software. Even systems completely disconnected from the internet are not safe from it, because its attack depends on the physical interaction of the user.
What happens when Mamona gets activated?
Once this ransomware is activated on the system, it automatically creates encryption keys and displays a ransom note on the screen or as a text file. The note asks the user to contact the attacker from another device, such as a mobile phone or laptop. Sometimes this also involves scanning a QR code or sending an email.
Why is it difficult to catch Mamona?
It does not connect to the internet, so traditional security systems are unable to track it.
Offline systems often run old software, which increases the risk.
Users do not quickly realize that an attack has taken place.
USB ports are often unsecured, which lets it enter easily.
Once activated, it becomes very difficult to remove.
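Since a threat like this produces no network traffic, detection has to rely on host telemetry. The sketch below is an added example, not code from the article or from any security product: it triages process-creation records for programs started from removable media and for ping launched by such a program. The event fields, host names and removable drive letters are assumptions, and the sample events are constructed.

```python
"""Host-side triage of process-creation events on machines with no network telemetry."""
from pathlib import PureWindowsPath

# Assumption: drive letters that the asset inventory marks as removable on these hosts.
REMOVABLE_DRIVES = {"E:", "F:"}

# Constructed events shaped like process-creation records (image, parent image, command line).
SAMPLE_EVENTS = [
    {"host": "hmi-01", "image": r"C:\Windows\System32\ping.exe",
     "parent": r"C:\Windows\System32\cmd.exe", "cmdline": "ping -n 2 fileserver"},
    {"host": "hmi-02", "image": r"E:\docs\report.exe",
     "parent": r"C:\Windows\explorer.exe", "cmdline": r"E:\docs\report.exe"},
    {"host": "hmi-02", "image": r"C:\Windows\System32\ping.exe",
     "parent": r"E:\docs\report.exe", "cmdline": "ping -n 3 localhost"},
    {"host": "hmi-03", "image": r"C:\Program Files\Backup\agent.exe",
     "parent": r"C:\Windows\System32\services.exe", "cmdline": "agent.exe --run"},
]


def on_removable(path):
    """True when the executable path sits on a drive listed as removable."""
    return PureWindowsPath(path).drive.upper() in REMOVABLE_DRIVES


def triage(events):
    """Return (host, reason) findings; only local process data is used."""
    findings = []
    for ev in events:
        name = PureWindowsPath(ev["image"]).name.lower()
        # Rule 1: any program whose image lives on removable media.
        if on_removable(ev["image"]):
            findings.append((ev["host"], "executable started from removable media"))
        # Rule 2: ping spawned by a program that itself runs from removable media.
        if name == "ping.exe" and on_removable(ev["parent"]):
            findings.append((ev["host"], "ping launched by a program on removable media"))
    return findings


if __name__ == "__main__":
    for host, reason in triage(SAMPLE_EVENTS):
        print(f"{host}: {reason}")
```

Ordinary ping use from a system shell (the first sample event) is not flagged; only activity tied to removable media is reported.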
