According to security firm Trend Micro, there has been a recent development in ransomware techniques. Ransomware such as HDDCryptor and Mamba can encrypt entire hard drives. This new ransomware targets network resources such as folders, drives, files, serial ports, and printers and then locks down the drive. This is a drastic change from the majority of ransomware which targets specific file types or folders on drives, networks, and removable media.
Mamba is typically distributed through phishing email campaigns that redirect users to malicious websites so it can be downloaded and run in the background. Mamba has been around since January 2016, however, there was a recent surge in its use in August 2016.
HDDCryptor can find previously connected drives or cached disconnected network paths and reconnect them using legitimate credentials. After encrypting files, HDDCryptor rewrites the hard drive and then reboots the computer without any user input. After rebooting, the ransomware note is displayed. At this point, it would be impossible to reboot the computer again without the decryption key. Trend Micro believes HDDCryptor may be using a single-decryption key and for now, the virus only seems to be targeting Windows users.