Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
High
Mallox is a ransomware strain that specifically targets Microsoft (MS) Windows systems and has been active since June 2021. It is known for its exploitation of unsecured MS-SQL servers as a penetration vector to gain access to victims’ networks.
According to new findings from researchers, Mallox ransomware activities in 2023 have surged by 174% compared to the previous year. Similar to other ransomware threat actors, Mallox follows the double extortion trend, where it first steals sensitive data from organizations before encrypting their files. It then uses the threat of leaking the stolen data on a public leak site to put pressure on victims to pay the ransom fee.
Mallox is associated with a threat actor that has ties to several other ransomware strains, including TargetCompany, Tohnichi, Fargo, and the latest addition, Xollam. The ransomware first gained attention in June 2021 and has been focused on targeting significant sectors, such as manufacturing, professional and legal services, and wholesale and retail industries.
One notable aspect of the group is its pattern of exploiting poorly secured MS-SQL servers through dictionary attacks to compromise victims’ networks. Xollam, however, deviates from this norm and has been observed using malicious OneNote file attachments for initial access, as reported by Trend Micro.
After gaining a foothold on an infected host, Mallox executes a PowerShell command to retrieve the ransomware payload from a remote server. The ransomware binary then attempts to disable SQL-related services, delete volume shadow copies, clear system event logs, terminate security-related processes, and bypass Raccine, an open-source tool designed to counter ransomware attacks. Following this, the encryption process begins, and a ransom note is deposited in every directory.
TargetCompany, while a small, closed group, has been observed recruiting affiliates for the Mallox ransomware-as-a-service (RaaS) program on the RAMP cybercrime forum, hinting at potential expansion of their operations.
“The Mallox ransomware group has been more active in the past few months, and their recent recruiting efforts may enable them to attack more organizations if the recruitment drive is successful.”, they added.
The sudden rise in Mallox infections is part of a broader trend of ransomware attacks, which have experienced a 221% year-over-year increase as of June 2023. In June 2023 alone, there were 434 reported attacks, primarily driven by Cl0p’s exploitation of the MOVEit file transfer software vulnerability.
“The team recommends making sure that all internet-facing applications are configured properly and all systems are patched and up to date wherever possible. These measures will help to reduce the attack surface, thereby limiting the exploitation techniques available to attackers.”
Security researchers have warned that Mallox’s recent recruitment efforts may lead to more successful attacks on organizations, given the current increase in ransomware activities. The ongoing trend of ransomware