Mamba Ransomware Removal

Keep in mind, SpyHunter’s malware & virus scanner is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.


This page aims to help you remove Mamba Ransomware for free. Our instructions also cover how any Mamba encrypted files can be recovered.

In the article below we are going to tell you everything about Mamba Ransomware – also known as HDDCryptor. This program is extremely malicious and can encrypt many files that are very important to you.

“You are hacked! H.D.D. Encrypted” is the trademark opening statement of the Mamba Ransomware.

Mamba Ransomware at work

Any unfortunate victim of Mamba Ransomware would be seeing this.

What exactly is the Mamba Ransomware?

Ransomware-based programs are extremely dangerous and malicious. This is one of the fastest developing types of viruses in the world. There are various subtypes of Ransomware:

  • Mobile-based Ransomware – these programs attack mobile phones, lock their screens up and then demand ransom for making the screens accessible to the victim users again.
  • Monitor-locking Ransomware – what is typical of this subtype is the fact that no files are really encoded. Such a program resembles the mobile Ransomware, but works on computers. Only the screen is locked and then ransom is wanted for unlocking it.
  • Government-exploited Ransomware – some state security agencies use Ransomware-based programs to fight cybercrime, for example, or violation of copyright policies. The program would lock up the criminal’s computer and a fine will be required for decoding it.
  • The famous file-locking Ransomware – this is the most widespread type of virus. The ones of this subgroup infect your PC, collect data about the files you use most and then encrypt them, most usually with a double key. This key’s two parts are different – the Public one you get right after the process of encoding your files has been finished. For the second component, the hackers who are attacking you want ransom, and you get a special alert notification on your screen letting you know how and in what currency you should pay. There could even be a specific deadline stated.
  • HDD-encrypting ransomware – these viruses usually target your HDD, changing the Master Boot Record so that you are not even able to boot your PC into Windows.

What type of threat does Mamba Ransomware belong to?

Mamba is an example of HDD-encoding Ransomware. This subgroup’s members usually enter your PC with the assistance of a Trojan horse virus. The Trojan is what ensures the safe passage, and once both viruses have gotten inside your system, they may proceed with their further plans and intentions. Mamba, for example, starts the actual encryption process after carefully determining which files exactly are used most frequently. Then all of them get locked up. The Trojan, on the other hand, stays hidden until the moment comes for the implementation of its own plan. If you want to learn more about Mamba you can check out the report by Kaspersky Lab.

What might work in the fight against such a virus?

Sadly, the truth is that such a version of malware is extremely difficult to counteract. The affected user may need special advice or tips from a professional or the help of an extremely powerful anti-malware tool to win such a battle against Mamba Ransomware. What is even more disturbing is the fact that even paying the requested ransom may not be what it takes to set your encrypted files free. The hackers might just run away with your money and leave your encoded data inaccessible forever. That is why we recommend that you don’t choose to immediately pay the demanded sum. What we can advise you to do is to try to cure this awful contamination with the help of other means – software, tools, tips or the assistance of experts. Try everything before you proceed with giving your money to criminals, because paying them might even be considered a crime.

For instance, you may try to save your files and destroy the infection by using our own Removal Guide on this page. We do not promise that these tips will help you decrypt your files, but they will certainly help remove Mamba. Either way, it doesn’t hurt to try as you lose nothing. Another possible decision which is rather wise is to go and see a professional who has dealt with similar infections. Such experts could be of great help because they may have their own know-how. What else you could do is to purchase a specialized anti-Ransomware program but only after consulting someone in that area for advice.

The only guaranteed solution

The only solution that guarantees complete success in the fight with Ransomware is preventing it. Prevention should become your daily routine. There are some general tips we could share with you. First of all, avoid the possible sources of Ransomware – do not authorize any macros in any document that has come to you from the web. Stay away from emails from unknown senders – do not open them or download any of their attachments. Also, scan your PC regularly to avoid even more cyber threats. And the essential advice when it comes to Ransomware: please learn to keep copies of your important data. Back up as many of your important files as you can, as Mamba Ransomware targets files, and if you have copies stored on a separate drive, no one will be able to blackmail you.


Name: Mamba
Type: Ransomware
Danger Level: High (Ransomware is by far the worst threat you can encounter)
Symptoms: No visible ones before the alert for the ransom pops up. Possibly sluggish system performance during the process of encryption, though it is not that common.
Distribution Method: Fake advertisements, torrents, web pages, contagious emails.
Detection Tool: We generally recommend SpyHunter or a similar anti-malware program that is updated daily.


Mamba Ransomware Removal

Restoring basic Windows functionality
Before you can remove the Mamba Ransomware virus from your computer, you need to be able to access it in the first place. Since the ransomware will prevent Windows from booting, your first job is to repair the Master Boot Record (MBR) of your drive.
To do that you’ll need your original Windows OS DVD (or a bootable USB drive for advanced users).
  1. Insert the DVD (or the USB) into the computer, then start the computer and choose to boot the OS from the DVD/USB. You may have to change the boot priority in the BIOS (press Del to enter it).
  2. When Windows boots from the DVD/USB, select Windows Repair.
  3. Open the Command Prompt and enter the following commands one at a time: bootrec /fixmbr, bootrec /fixboot and bootrec /rebuildbcd
  4. Your Windows OS should now be able to boot normally. You can proceed with the removal of the virus as usual.


Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).


To remove the parasite, you may have to meddle with system files and registries. Making a mistake and deleting the wrong thing may damage your system.
Avoid this by using SpyHunter - a professional Parasite removal tool.


Hold the Start Key and R – copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IP entries listed at the bottom of the file.

If there are suspicious IPs below “Localhost” – write to us in the comments.
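The hosts-file check described above can be done mechanically. The following is an added example, not part of the original guide: it parses hosts-file text and reports every entry that is not a plain localhost mapping. The sample content, the `example-av.test` names and the `BENIGN_NAMES` list are constructed assumptions.

```python
import ipaddress

# Names a clean hosts file may map to loopback (assumption of this example).
BENIGN_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample, not taken from a real infection.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#       127.0.0.1       localhost
127.0.0.1       localhost
::1             localhost
203.0.113.25    update.example-av.test    # name pinned to an outside address
0.0.0.0         www.example-av.test example-av.test
not-an-ip       something.test
"""


def audit_hosts(text):
    """Return (line_no, verdict, address, names) for each entry worth reviewing."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()      # drop comments, split columns
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, "malformed", fields[0], fields[1:]))
            continue
        names = [n.lower() for n in fields[1:]]
        if ip.is_loopback or ip.is_unspecified:
            # Pointing a name at the machine itself makes that site unreachable.
            flagged, verdict = [n for n in names if n not in BENIGN_NAMES], "blocked"
        else:
            # Any other address silently sends the name somewhere else.
            flagged, verdict = names, "redirect"
        if flagged or not names:
            findings.append((line_no, verdict if names else "malformed", str(ip), flagged))
    return findings


if __name__ == "__main__":
    for line_no, verdict, address, names in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {verdict:9} {address:15} {' '.join(names)}")
```

To audit a real machine, pass the text of the file opened in the step above to `audit_hosts` instead of `SAMPLE_HOSTS`. Entries added on purpose by ad blockers or administrators will also appear as "blocked" or "redirect", so treat the output as a review list.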

Type msconfig in the search field and hit Enter. A window will pop up:


Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.

  • Please note that ransomware may even attach a fake Manufacturer name to its process. Make sure every process listed here is legitimate.


Press CTRL + SHIFT + ESC simultaneously. Go to the Processes Tab. Try to determine which ones are a virus. Google them or ask us in the comments.


We get asked this a lot, so we are putting it here: Removing the parasite manually may take hours and damage your system in the process. If you want a fast, safe solution, we recommend SpyHunter.

Right click on each of the virus processes separately and select Open File Location. End the process after you open the folder, then delete the directories you were sent to.



Type Regedit in the Windows search field and press Enter. Once inside, press CTRL and F together and type the virus’s name.

Search for the ransomware in your registries and delete the entries. Be extremely careful – you can damage your system if you delete entries not related to the ransomware.

Type each of the following in the Windows Search Field:

  1. %AppData%
  2. %LocalAppData%
  3. %ProgramData%
  4. %WinDir%
  5. %Temp%

Delete everything in Temp. In the rest, just check for anything recently added. Remember to leave us a comment if you run into any trouble!
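Checking those folders by eye for "anything recently added" is slow, so here is an added example (not part of the original guide) that lists recently created or changed files that can run code, newest first. The 7-day window, the two-level depth limit and the extension list are assumptions of the example.

```python
import os
import time

# Folders the guide says to review; %VAR% is expanded by os.path.expandvars on Windows.
REVIEW_DIRS = ["%AppData%", "%LocalAppData%", "%ProgramData%", "%WinDir%", "%Temp%"]
# File types that can run code. This list is an assumption of the example.
RUNNABLE = {".exe", ".dll", ".sys", ".scr", ".bat", ".cmd", ".ps1", ".vbs", ".js"}


def recent_runnables(roots, days=7, now=None, max_depth=2):
    """Return [(timestamp, path)], newest first, for runnable files newer than `days`."""
    cutoff = (time.time() if now is None else now) - days * 86400
    hits = []
    for root in roots:
        root = os.path.normpath(os.path.expandvars(root))
        if not os.path.isdir(root):
            continue                      # variable not set or folder missing
        for dirpath, dirnames, filenames in os.walk(root):
            rel = os.path.relpath(dirpath, root)
            depth = 0 if rel == "." else rel.count(os.sep) + 1
            if depth >= max_depth:
                dirnames[:] = []          # stop descending; keeps %WinDir% manageable
            for name in filenames:
                if os.path.splitext(name)[1].lower() not in RUNNABLE:
                    continue
                path = os.path.join(dirpath, name)
                try:
                    info = os.stat(path)
                except OSError:
                    continue              # locked or already deleted
                # On Windows st_ctime reports creation time; take the later of the
                # two so a copied file with an old modified date still shows up.
                stamp = max(info.st_mtime, info.st_ctime)
                if stamp >= cutoff:
                    hits.append((stamp, path))
    return sorted(hits, reverse=True)


if __name__ == "__main__":
    for stamp, path in recent_runnables(REVIEW_DIRS):
        print(time.strftime("%Y-%m-%d %H:%M", time.localtime(stamp)), path)
```

Legitimate updates also drop new executables in these folders, so look each result up before deleting it.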


How to Decrypt files infected with Mamba

We have a comprehensive (and daily updated) guide on how to decrypt your files. Check it out here.

Did we help? Share your feedback with us so we can help other people in need!

  • Imo

    Hi, I did all the instructions on how to recover from Mamba. But still the disks are encrypted and I can't access them nor get into safe mode.
    Kindly advise since this solution does not work.

    • HowToRemove.Guide Team

      Hi Imo, were you able to repair the master boot record (MBR) as written in the first step?

  • HowToRemove.Guide Team

    Hi Imo,
    this is a guide on how to remove the ransomware from your system. On Step 5 you can visit the link on how to decrypt your files or use the software we provided there. Mamba is still a new kind of ransomware and researchers are still trying to find a way to decrypt the files. So I would suggest that you check this link once in a while to see if there is a decryptor for Mamba encryption.

  • HowToRemove.Guide Team

    You are most welcome Imo 🙂

  • HowToRemove.Guide Team

    Did you check our article on How to Decrypt Ransomware?