In this talk I will present the details and challenges of handling an incident suffered by a large multinational company with subsidiaries in Brazil, India and the United States that resulted in the Mamba discovery, the first ransomware to use, in fact, the Full Disk Encryption (FDE) strategy. I’m going also to present the entire process of researching, publication and collaboration with CERTs from various countries, research laboratories and international security products players.