Pune

Mamona Ransomware: A New Offline Threat to Air-Gapped Systems

A new and highly dangerous virus has emerged in the cyber world, named Mamona Ransomware. This virus is distinctly different from other ransomware because it doesn't require the internet. It can penetrate a computer without any network connection, lock files, and completely jam the system.

This Virus Attacks Even Without the Internet

The most dangerous aspect of Mamona is its ability to operate without an internet connection. While common ransomware receives instructions from remote servers, Mamona creates encryption keys within the system itself. By misusing Windows' ping command, it establishes a system that can control everything locally. This is why it can easily affect air-gapped systems, i.e., computers completely isolated from the internet.

How Mamona Spreads

Mamona doesn't spread through email attachments or links but through USB drives, external hard disks, and other physical devices. When a user connects a device that already contains Mamona to their system, the virus activates. It establishes itself in the system with the help of hidden files, auto-run scripts, and code that evades antivirus software.

Often, high-security systems like government departments, research labs, defense institutions, or banking servers are kept completely disconnected from the internet. However, viruses like Mamona are showing that internet disconnection alone is not a guarantee of security.

What Mamona Does Once Inside a System

If Mamona manages to enter a computer, it first starts encrypting files. Then, it leaves a text file on the system's screen or in a folder, containing the ransom demand.

This note explains how the user needs to contact the attacker to retrieve their files. Sometimes, it includes a QR code or instructs them to send a message to a specific email ID. In some cases, payment is demanded in Bitcoin or other cryptocurrencies.

Why Security Systems Cannot Catch Mamona

According to cybersecurity experts, Mamona is extremely difficult to catch because it doesn't connect to any server on the internet, so traditional antivirus or network monitoring tools cannot detect its behavior.

Additionally, its grip becomes stronger in systems that are not updated or use older software. Mamona deletes system log files to hide itself, making it even more difficult to determine where and how the attack occurred.

Users Don't Find Out Quickly

A characteristic of Mamona is that it doesn't give any immediate warning. The user doesn't realize anything is wrong until they try to open a file and find it encrypted. By the time the ransom note appears on the screen, it is often too late.

This delayed strategy makes it even more dangerous.

Employee Negligence Becomes a Threat

Often, employees in companies use external USB devices without thinking. A lack of training and awareness, together with disregard for security standards, gives ransomware like Mamona an opportunity to thrive.

Furthermore, some files are disguised with names or icons that resemble normal folders or documents. When the user opens these, the virus activates.

Renamed Files, Documents Not Opening – These Are Warning Signs

If files in your system suddenly have their names changed, or a document gives an error when you try to open it, this could be an early symptom of ransomware like Mamona. Additionally, if strange messages start appearing on your screen or you are asked to scan a QR code, you should be cautious.
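The warning signs above can be checked on the host itself, without any network telemetry. The following is an added example, not code from the article or from any vendor: it sweeps a folder for documents whose content no longer matches their type and looks like random data, including renamed ones, and for small text files that read like a ransom note. The magic-byte table, the keyword list, the entropy threshold and the sample file names are assumptions chosen for illustration, not Mamona indicators.

```python
import math, os, tempfile
from collections import Counter

# Assumed values for illustration; none are Mamona indicators from the article.
MAGIC = {"pdf": b"%PDF", "docx": b"PK\x03\x04", "xlsx": b"PK\x03\x04", "png": b"\x89PNG"}
NOTE_WORDS = ("encrypted", "decrypt", "bitcoin", "payment")

def entropy(data):
    """Shannon entropy in bits per byte; encrypted data sits close to 8.0."""
    if not data:
        return 0.0
    return -sum(c / len(data) * math.log2(c / len(data)) for c in Counter(data).values())

def scan(root, threshold=7.5, sample=65536):
    """Return (suspect_documents, possible_notes) as sorted relative paths."""
    suspects, notes = [], []
    for folder, _, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(sample)
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            rel = os.path.relpath(path, root)
            parts = name.lower().split(".")[1:]
            # A document extension anywhere in the name also covers renamed
            # files such as report.pdf.<new suffix>.
            kind = next((p for p in parts if p in MAGIC), None)
            if kind and not head.startswith(MAGIC[kind]) and entropy(head) >= threshold:
                suspects.append(rel)
            elif parts[-1:] == ["txt"] and len(head) < sample:
                text = head.decode("utf-8", "ignore").lower()
                if sum(w in text for w in NOTE_WORDS) >= 2:
                    notes.append(rel)
    return sorted(suspects), sorted(notes)

def build_sample(root):
    """Constructed test data: one healthy PDF, one scrambled sheet, two text files."""
    files = {"report.pdf": b"%PDF-1.7\n" + b"quarterly figures\n" * 200,
             "budget.xlsx.locked": os.urandom(8192),
             "READ_ME.txt": b"Your files are encrypted. Payment in Bitcoin.",
             "todo.txt": b"buy milk"}
    for name, data in files.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(scan(tmp))
```

Requiring both a header mismatch and high entropy keeps healthy compressed formats such as .docx and .xlsx from being flagged, since their content is high-entropy but still starts with the expected bytes.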

Offline Thinking is Essential for Cybersecurity

Mamona Ransomware has sent a message to the cybersecurity world that it is no longer only online systems that are at risk. Systems disconnected from the internet can also become victims. It has created a new challenge for security experts and has shown how different and unpredictable cyberattacks can become in the future.
