Mallox Ransomware

Read Time:1 Minute, 41 Second

FortiGuard Labs is aware of recent reports of an uptick of activity in the Mallox ransomware observed in the wild. Reportedly, the Mallox threat actor distributes ransomware via a downloader attached to spam emails by targeting unsecured internet-facing Microsoft SQL servers. Mallox ransomware encrypts files on compromised machines and typically adds a “.mallox” file extension to the affected files.Why is this Significant?This is significant because recent reports highlight an increased uptick of Mallox ransomware activities. Ransomware infection causes disruption, damage to daily operations, potential impact to an organization’s reputation, and the unwanted destruction or release of personally identifiable information (PII), etc.What is Mallox Ransomware?Mallox is a ransomware strain that has been around since 2021 and is also known as Fargo. The ransomware encrypts files on compromised machines and typically adds a “.mallox” file extension to the affected files. Mallox leaves a ransom note titled “FILE RECOVERY.txt” that contains the ransom message, victim’s private key, and a TOR site address where victims can contact the attacker. The TOR site also works as a data leak site where information stolen from the victims will be released if ransom payment is not made. At the time of this writing, the leak site listed one company, however previous victims may have been removed.Ransom note left by Mallox ransomwareMallox ransomware threat actor reportedly distributes the ransomware via downloader malware attached to spam emails. The threat actor also targets unsecured internet-facing Microsoft SQL servers by attempting to log with a list of username and password combinations.What is the Status of Protection?FortiGuard Labs provides the following AV signatures for known Mallox ransomware samples:W32/Filecoder.D181!tr.ransomW32/Filecoder.OJC!tr.ransomW32/Generic.AC.171!tMSIL/Agent.LXR!trMSIL/Agent.LYC!trMSIL/Agent.NLO!tr.dldrMSIL/Agent.NZA!tr.dldrMSIL/Agent.OBD!tr.dldrMSIL/Agent.OEY!tr.dldrMSIL/Agent.OFN!tr.dldrMSIL/Agent.OHG!tr.dldrMSIL/GenKryptik.FMRD!trMSIL/Kryptik.ADHC!trMSIL/Kryptik.AGYT!tr.ransomMSIL/Kryptik.AHJZ!trMSIL/Kryptik.DCC!trPossibleThreat

CISA’s 2024 Review Highlights Major Efforts in Cybersecurity Industry Collaboration

Casino Players Using Hidden Cameras for Cheating

Friday Squid Blogging: Squid on Pizza

Scams Based on Fake Google Emails

Infostealers Dominate as Lumma Stealer Detections Soar by Almost 400%

The AI Fix #30: ChatGPT reveals the devastating truth about Santa (Merry Christmas!)

US and Japan Blame North Korea for $308m Crypto Heist

Spyware Maker NSO Group Found Liable for Hacking WhatsApp

Spyware Maker NSO Group Liable for WhatsApp User Hacks

ofono-2.14-1.fc40

icecat-flatpak-115.18.0-2

mupdf-1.24.6-2.fc40

mupdf-1.21.1-6.el9

DSA-5837-1 fastnetmon – security update

DSA-5836-1 xen – security update