The Mallox ransomware claimed an attack against India’s FICCI

February 26, 2023

Our threat researchers at iZOOlogic recently found that the Mallox ransomware group had added the Federation of Indian Chambers of Commerce and Industry (FICCI), the oldest and largest Indian apex business organisation, to its list of victims.

The FICCI is a non-profit organisation established in 1927 that powers the Indian government’s economic policies by providing discussion forums for economists and civil servants and arranging consultative meetings with policymakers.

Based on our research team’s findings, the Mallox ransomware group listed the organisation on its leak site on February 21. According to the ransomware gang’s post, about 1.28GB of data was stolen from FICCI, comprising critical data from inside the organisation’s networks.

A large amount of critical data from FICCI had been exposed to the Mallox gang.

The compromised data includes vendor names and permanent account numbers (PAN), images of income tax receipts, a list of consultants, communications, and infrastructure subcommittees, and a list of organisation vendors/members grouped by nature of industry.

The ransomware gang did not mention any ransom amount they requested from the organisation. Furthermore, FICCI has not released any comment about the alleged incident, and their official website (https://ficci[.]in/) remains accessible.

Given that the non-profit organisation caters to India’s private and public corporations and multinational firms, the alleged ransomware attack could impact a wide scope of entities, potentially resulting in adverse outcomes.

The Mallox ransomware group’s attacks usually involve encrypting victims’ files and appending a file extension ([.]mallox) to the compromised filenames. Then, a ransom note in a TXT file (titled “RECOVERY INFORMATION.txt”) is created for the victims to learn how to communicate with the threat operators.
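The two indicators described above, the appended .mallox extension and the “RECOVERY INFORMATION.txt” note, can be checked against file-activity logs. The following is an added example, not part of the original article: the event record format, host names, and burst thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

EXT = ".mallox"                      # extension named in the article
NOTE = "recovery information.txt"    # ransom note name from the article, lowercased
WINDOW = timedelta(seconds=60)       # assumption: burst window
BURST = 3                            # assumption: renames per window that count as a burst

# Constructed sample events: "ISO time|host|action|old path|new path"
SAMPLE = """\
2023-02-21T10:00:01|FS01|rename|C:\\share\\q1.xlsx|C:\\share\\q1.xlsx.mallox
2023-02-21T10:00:02|FS01|rename|C:\\share\\pan.csv|C:\\share\\pan.csv.mallox
2023-02-21T10:00:03|FS01|rename|C:\\share\\tax.jpg|C:\\share\\tax.jpg.mallox
2023-02-21T10:00:04|FS01|create||C:\\share\\RECOVERY INFORMATION.txt
2023-02-21T10:05:00|WS07|rename|C:\\tmp\\a.txt|C:\\tmp\\b.txt
2023-02-21T10:06:00|WS07|create||C:\\Users\\x\\notes.mallox
"""

def parse(line):
    ts, host, action, old, new = line.split("|")
    return datetime.fromisoformat(ts), host, action, old, new

def scan(text):
    """Return {host: sorted findings} for hosts showing Mallox-style file activity."""
    renames, findings = defaultdict(list), defaultdict(set)
    for line in filter(None, text.splitlines()):
        ts, host, action, old, new = parse(line)
        name = PureWindowsPath(new).name.lower()
        if name == NOTE:
            findings[host].add("ransom_note")
        # Extension appended to the original filename, as the article describes
        if action == "rename" and new.lower() == old.lower() + EXT:
            renames[host].append(ts)
        elif name.endswith(EXT):
            findings[host].add("mallox_file")   # weaker signal: lone file with the extension
    for host, times in renames.items():
        times.sort()
        for i in range(len(times) - BURST + 1):
            if times[i + BURST - 1] - times[i] <= WINDOW:
                findings[host].add("rename_burst")  # mass rename inside the window
                break
        else:
            findings[host].add("mallox_file")   # too few renames to call it a burst
    return {h: sorted(f) for h, f in findings.items()}

if __name__ == "__main__":
    for host, hits in scan(SAMPLE).items():
        print(host, hits)
```

A host reporting both `ransom_note` and `rename_burst` is the strongest match; a lone `mallox_file` finding warrants a look but may be benign.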

There is currently no free decryptor available for the victims of the Mallox ransomware group, leaving targeted entities with no other option but paying the ransom amount. However, security experts highly discourage people from trusting any cybercriminal groups since most would still sell or leak the victims’ data despite being paid the ransom.

Our threat researchers will continue to monitor this incident and share updates as they arise.

In the meantime, entities that could be affected by the alleged FICCI hack must be on guard against potential cyberattacks from threat actors and implement robust security measures immediately.
