Mallox Ransomware Targets Microsoft SQL Servers - A Growing Threat
Indian Cyber Security Solutions (GreenFellow IT Security Solutions Pvt Ltd)
"Securing your world Digitally"
Introduction
Since its emergence in June 2021, a new and highly dangerous ransomware strain called Mallox, also known as TargetCompany, FARGO, and Tohnichi, has been actively targeting and attacking Microsoft SQL (MS-SQL) servers. This ransomware is particularly notorious for exploiting unsecured MS-SQL servers to gain access to victims' networks. Security researchers at Unit 42 have recently identified a significant surge in Mallox ransomware, with a 174% increase in attacks compared to late 2022. The group behind Mallox employs a double extortion strategy, encrypting files and stealing data to pressure victims into paying the ransom.
Distribution and Targeted Industries
Mallox ransomware has been widespread, with hundreds of victims falling prey to the attacks. According to Unit 42 telemetry, the ransomware has affected various industries, including manufacturing, professional services, legal services, wholesale, and retail. The group's malicious activity has persisted and escalated in 2023.
Execution Techniques
To successfully execute the ransomware payload, Mallox employs multiple tactics to evade detection and hinder recovery attempts. It first gains initial access by targeting vulnerable MS-SQL servers through dictionary brute-force attacks. It then uses the command line and PowerShell to download and deploy the payload. Prior to encryption, Mallox makes several attempts to:
Ransom Note
Mallox ransomware follows the common practice of leaving a ransom note in each directory on the victim's drive, explaining the infection and providing contact details for ransom payment.
Threat of Expansion
Although Mallox is currently a relatively small and closed group, it aims to grow its illicit operations by recruiting affiliates. Through successful recruitment, Mallox could expand its scope and target additional organizations, posing an even more significant threat to cybersecurity.
Mitigating the Risk
In light of the growing threat from Mallox ransomware, Unit 42 advises organizations to take proactive measures to minimize their attack surface. Proper configuration and patching of internet-facing applications and systems can limit attackers' options and reduce the likelihood of successful breaches.
Conclusion
Mallox ransomware continues to be a severe threat to organizations worldwide, exploiting vulnerabilities in Microsoft SQL servers to carry out devastating attacks. To protect against such ransomware strains, it is crucial for organizations to prioritize cybersecurity measures, including regular patching and securing their MS-SQL servers to prevent unauthorized access.