Create a Post
Showing results for 
Search instead for 
Did you mean: 

2 New hits - Mamba, Diablo6 and old Cerberware

Dear All,

Hope new variants of ransomware getting floated now.

Anyone have clue of signatures to be available for block in CheckPoint?

1) Diablo6: New Variant of Locky Ransomware

2) New variant of Mamba

3) Cerberware (This is older one)

Regards, Prabulingam.N

0 Kudos
2 Replies

Please see : Threat Intelligence News 14 August 2017 


The Mamba ransomware, which affected San Francisco’s Metro last year, has recently resurfaced and targeted corporations in Brazil and Saudi Arabia, according to researchers. The article includes a technical analysis of the ransomware.

Check Point Anti-Bot blade provides protection against this threat (Trojan-ransom.Win32.Mamba.*)

A new variant of the popular Locky ransomware named Diablo6 is being spread in a spam email

Check Point IPS and Anti-Bot blades provide protection against this threat (Suspicious Mail Attachment Containing JavaScript Code; Trojan-ransom.Win32.Locky.*; Operator.Locky)


Check Point Forensic Files: Cerber Ransomware Distribution using Office DOTM files:

Check Point Forensic Files: Cerber Ransomware Distribution using Office DOTM files | Check Point Blo... 

0 Kudos

Dear Ofir,

Thanks for prompt response. 

I can see signatures been updated for Locky & Cerber in Threat Prevention_Protections Tab as below:

(Trojan-Downloader.Win32.Cerber.* Trojan-Ransom.Win32.Cerber.* Trojan-Ransom.Win32.Locky.*  


But unable to see any signature search for Mamba in Threat Prevention_Protections Tab 

(Threat Wiki shows Trojan-ransom.Win32.Mamba.*)

Please help us out in above.

Regards, Prabulingam.N

0 Kudos


Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events