Mallox Ransomware Targets Microsoft SQL Servers - A Growing Threat
Indian Cyber Security Solutions (GreenFellow IT Security Solutions Pvt Ltd)
"Securing your world Digitally"
Introduction
Since its emergence in June 2021, a highly dangerous ransomware strain called Mallox, also known as TargetCompany, FARGO, and Tohnichi, has been actively attacking Microsoft SQL (MS-SQL) servers. This ransomware is particularly notorious for exploiting unsecured MS-SQL servers to gain access to victims' networks. Security researchers at Unit 42 have recently identified a significant surge in Mallox ransomware activity, with a 174% increase in attacks compared to late 2022. The group behind Mallox employs a double extortion strategy
Distribution and Targeted Industries
Mallox ransomware has been widespread, with hundreds of victims falling prey to the attacks. According to Unit 42 telemetry, the ransomware has affected various industries, including manufacturing, professional services, legal services, wholesale, and retail. The group's malicious activities have been persistent and escalated in 2023.
Execution Techniques
To successfully execute the ransomware payload, Mallox employs multiple tactics to evade detection and hinder recovery
Ransom Note
Mallox ransomware follows the common practice of leaving a ransom note in each directory on the victim's drive, explaining the infection and providing contact details for ransom payment.
Threat of Expansion
Although Mallox is currently a relatively small and closed group, it aims to grow its illicit operations by recruiting affiliates. Through successful recruitment, Mallox could expand its scope and target additional organizations, posing an even more significant threat to cybersecurity.
Mitigating the Risk
In light of the growing threat from Mallox ransomware, Unit 42 advises organizations to take proactive measures to minimize
Conclusion
Mallox ransomware continues to be a severe threat to organizations worldwide, exploiting vulnerabilities in Microsoft SQL servers to carry out devastating attacks. To protect against such ransomware strains, it is crucial for organizations to prioritize cybersecurity measures, including regular patching and securing their MS-SQL servers