Mallox ransomware attacks significantly rose for 2023

August 10, 2023

Researchers revealed that the Mallox ransomware operation has dramatically increased its attacks this year compared to the last few years. The ransomware operation grew around 2021 and has recently deployed multiple new variants.

The malware operators commonly deliver their payloads through phishing emails carrying malicious OneNote files. Like many other ransomware operations, Mallox follows the double extortion tactic, exfiltrating data before encryption to pressure victims into paying the ransom quickly.

Mallox ransomware started as a minor ransomware group that gathered traction at the start of the year.

Mallox ransomware is a notorious small-scale and closed malicious group. However, these attackers got their break at the start of the year after putting effort into expanding their new Mallox ransomware-as-a-service (RaaS) program by recruiting affiliates.

In addition, the group achieved further success by taking advantage of poorly configured MS-SQL servers to breach targeted networks. Threat analysts explained that the ransomware operators also exploited a couple of RCE vulnerabilities in their attacks.
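Because the report singles out poorly configured MS-SQL servers as the group's main entry point, a defender's first question is whether exposed SQL Server instances are being hammered with authentication attempts. The script below is an added illustration written for this article, not code from the article or from the researchers it cites. It assumes the standard SQL Server ERRORLOG line format for failed logins (error 18456 with a `[CLIENT: ip]` suffix); the log lines, the 60-second window and the three-failure threshold are all constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines following the SQL Server ERRORLOG layout (not from the article).
# 203.0.113.5 fails repeatedly against 'sa' and a non-existent login; 10.0.0.23 is a
# legitimate client that mistypes a password once and then authenticates.
SAMPLE_LOG = """\
2023-08-10 09:12:01.45 Logon       Error: 18456, Severity: 14, State: 8.
2023-08-10 09:12:01.45 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2023-08-10 09:12:02.10 Logon       Error: 18456, Severity: 14, State: 8.
2023-08-10 09:12:02.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2023-08-10 09:12:02.80 Logon       Error: 18456, Severity: 14, State: 8.
2023-08-10 09:12:02.80 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2023-08-10 09:12:03.30 Logon       Error: 18456, Severity: 14, State: 5.
2023-08-10 09:12:03.30 Logon       Login failed for user 'admin'. Reason: Could not find a login matching the name provided. [CLIENT: 203.0.113.5]
2023-08-10 09:15:40.00 Logon       Error: 18456, Severity: 14, State: 8.
2023-08-10 09:15:40.00 Logon       Login failed for user 'app_svc'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.23]
2023-08-10 09:16:00.00 Logon       Login succeeded for user 'app_svc'. Connection made using SQL Server authentication. [CLIENT: 10.0.0.23]
"""

# Matches only the "Login failed" detail line, capturing timestamp, login name and client IP.
FAILED_LOGIN = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+) Logon\s+"
    r"Login failed for user '(?P<user>[^']+)'\..*\[CLIENT: (?P<client>[^\]]+)\]$"
)


def parse_failed_logins(log_text):
    """Return a list of (timestamp, user, client_ip) tuples for failed SQL logins."""
    events = []
    for line in log_text.splitlines():
        m = FAILED_LOGIN.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
            events.append((ts, m["user"], m["client"]))
    return events


def find_suspicious_sources(events, threshold=3, window=timedelta(seconds=60)):
    """Flag client IPs with >= threshold failed logins inside any sliding window.

    Returns {client_ip: {"failures": n, "users": [...], "targets_sa": bool}} where
    n is the largest number of failures seen within one window for that client.
    """
    by_client = defaultdict(list)
    for ts, user, client in events:
        by_client[client].append((ts, user))

    alerts = {}
    for client, attempts in by_client.items():
        attempts.sort()
        start = 0
        for end in range(len(attempts)):
            # Advance the window start until all attempts in [start, end] fit in the window.
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                users = sorted({u for _, u in attempts[start:end + 1]})
                prev = alerts.get(client)
                if prev is None or count > prev["failures"]:
                    alerts[client] = {
                        "failures": count,
                        "users": users,
                        "targets_sa": "sa" in users,  # the built-in admin login is the usual guess
                    }
    return alerts


if __name__ == "__main__":
    for ip, info in find_suspicious_sources(parse_failed_logins(SAMPLE_LOG)).items():
        print(f"{ip}: {info['failures']} failures in window, logins tried {info['users']}, "
              f"sa targeted: {info['targets_sa']}")
```

On the sample data only 203.0.113.5 is flagged: four failures in under two seconds across `sa` and a non-existent login, which is the pattern of an automated guess against an internet-facing instance rather than a user mistyping a password. The same parser can be pointed at a real ERRORLOG (or at the `Logon` events forwarded to a SIEM), and a hit on `targets_sa` with a public source address is a strong signal that the instance is reachable from the internet and should be firewalled or moved behind a VPN, the configuration weakness the report describes.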

On the other hand, the group has also attempted to drop its payload through phishing emails, despite relying primarily on vulnerable SQL servers to breach networks.

Experts expect the group to continue as more affiliate groups cooperate for specific missions and target similar organisations.

The sudden increase in Mallox ransomware infection could be a primary concern for many, as a new report from NCC Group showed a 221% surge in ransomware attacks annually as of June 2023.

However, the primary driver of that surge was Cl0p ransomware's recent exploitation of the MOVEit file transfer software flaw, which allegedly affected more than 100 organisations.

The surge in ransomware activity shows how constantly threats evolve in the cybercriminal environment. Small-scale operations such as 8base, Rhysida, and Mallox have demonstrated that they are capable of executing far larger attacks than their size would suggest.

Therefore, organisations should stay vigilant and employ security measures to prevent such threats. These mitigation tactics should start with acquiring a robust real-time alert and threat-sharing system that helps security teams analyse threats.
