A newly discovered variant of the notorious Mallox ransomware can target Linux systems with a well-known encryption method and a builder web panel. A research group found a decryptor for this new strain, but backups and solid security procedures are still critical for cybersecurity defence.
According to reports, this dangerous program could encrypt the victim’s data and make it unavailable unless a ransom is paid. Moreover, the attackers use a Python script (web_server.py) to deliver the ransomware payload to the targeted Linux-based computer.
The script is a Flask-based web panel for the Mallox ransomware; it connects to a backend database and reads the database credentials from system environment variables.
The Mallox ransomware ships with this web interface, through which its operators generate different build variations of the payload.
The Mallox ransomware has become a significant threat since it includes a web interface that allows different threat actors to create unique Mallox variations, manage their deployment, and even download the ransomware.
This ransomware has also expanded its capabilities: its latest variant can encrypt user data on Linux and appends a .locked extension to each encrypted file. This is a major step up from its older versions, which were .NET-based EXE or DLL files distributed through MS-SQL servers and phishing or spam emails.
Additionally, the web panel script defines routes for various purposes, including user authentication, build management, new user registration, login and password reset, and ransomware build development.
It allows its operators to manage users, review logs, and track account activity. Other confirmed capabilities include user profile management, a chat interface, and a custom 404 error page.
Researchers have also noted that Mallox encrypts files with AES-256 in CBC mode, a strong, widely used encryption standard. Used correctly, this makes it practically impossible for victims to decrypt their files without the attackers' decryption keys.
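Two indicators above are useful during incident triage on a Linux host: the .locked extension the variant appends, and the high byte entropy that AES-CBC ciphertext has compared with ordinary documents. The following is an added example, not code from the article or from any research group it cites, that walks a directory and reports both indicators; the 7.5 bits-per-byte entropy threshold and the sample files it builds are assumptions for illustration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Extension the Linux Mallox variant appends to encrypted files (from the article).
LOCKED_EXT = ".locked"
# Entropy (bits per byte) above which a file looks like ciphertext or compressed data.
# 7.5 is a common triage heuristic; it is an assumption, not a value from the article.
ENTROPY_THRESHOLD = 7.5


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, 8.0 for uniform bytes)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def triage_directory(root: str, sample_bytes: int = 65536) -> dict:
    """Walk `root` and collect files that carry the .locked extension and files whose
    leading bytes have ciphertext-like entropy. Paths are returned relative to root."""
    locked, high_entropy = [], []
    root_path = Path(root)
    for path in root_path.rglob("*"):
        if not path.is_file():
            continue
        rel = str(path.relative_to(root_path))
        if path.suffix == LOCKED_EXT:
            locked.append(rel)
        with open(path, "rb") as fh:
            head = fh.read(sample_bytes)  # sample only the head to keep scans fast
        # Very small files give unreliable entropy estimates, so skip them.
        if len(head) >= 256 and shannon_entropy(head) >= ENTROPY_THRESHOLD:
            high_entropy.append(rel)
    return {"locked": sorted(locked), "high_entropy": sorted(high_entropy)}


def build_sample_tree() -> str:
    """Constructed sample tree: one plain-text file and one random-byte file named
    as an encrypted copy of it (random bytes stand in for AES-CBC output)."""
    d = tempfile.mkdtemp(prefix="mallox_triage_")
    (Path(d) / "notes.txt").write_bytes(b"quarterly report draft\n" * 50)
    (Path(d) / "notes.txt.locked").write_bytes(os.urandom(4096))
    return d


if __name__ == "__main__":
    print(triage_directory(build_sample_tree()))
```

A file that appears in both lists is a strong candidate for having been encrypted; a high-entropy file without the extension may simply be an archive or image, so check its type before drawing conclusions.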
Mallox ransomware operations have been ongoing since mid-2021. However, a couple of years ago, it transitioned to a Ransomware-as-a-Service (RaaS) delivery mechanism. Organisations should be wary of this ransomware threat as it employs multiple extortion tactics, including encrypting victims’ data and threatening to expose it on public TOR-based sites.