Palo Alto Networks researchers warn for aggressive Mallox ransomware


Palo Alto Networks researchers warn for aggressive Mallox ransomware

The number of victims almost tripled in 2023

UNIT 42, the research branch of Palo Alto Networks, warns for Mallox, a particularly aggressive ransomware variant that aims its sights on Microsoft Windows systems. This year, the hackers behind the malware have already claimed almost three times more victims than the previous year (174% increase). To corner the victims, the cybercriminals threaten to publish the stolen data on the dark web.

Image 1: Mallox website on Tor browser

Image 2: Mallox private chat on Tor website

Mallox, also known as TargetCompany, Fargo or Tohnichi, always operates in the same way: first, the hackers look for weak MS-SQL servers. Then they turn to “brute force attacks”, a method in which all possible combinations of passwords are entered until the right one is found. Once inside, the criminals download the Mallox ransomware from a remote server.

Image 3: A part of the Mallox code

The Mallox hacker group saw the light of day in 2021. According to a member of the gang, who gave an anonymous interview in January 2023, the group is still relatively small. However, the hacker collective has ambition and wants to expand, according to various job postings on hacker forums. The criminals claim to have already made hundreds of victims. That information is confirmed by Palo Alto Networks researchers.

Image 4: Job offer for Mallox on RAMP

Companies therefore need to stay alert, and watch over their applications that are connected to the internet. UNIT 42 advises to keep all systems up to date as much as possible.

About Palo Alto Networks

Palo Alto Networks is the world’s cybersecurity leader. We innovate to outpace cyberthreats, so organizations can embrace technology with confidence. We provide next-gen cybersecurity to thousands of customers globally, across all sectors. Our best-in-class cybersecurity platforms and services are backed by industry-leading threat intelligence and strengthened by state-of-the-art automation. Whether deploying our products to enable the Zero Trust Enterprise, responding to a security incident, or partnering to deliver better security outcomes through a world-class partner ecosystem, we’re committed to helping ensure each day is safer than the one before. It’s what makes us the cybersecurity partner of choice.

Published on Digimedia, Computable en Belgium Cloud.