A new report from Palo Alto’s Unit 42 Network reveals that Mallox (aka TargetCompany, FARGO, or Tohnichi) ransomware activity in 2023 has jumped by almost 174% as compared to the previous year. The ransomware has been around since 2021 and was recently seen rolling out a new variant, dubbed Xollam, delivered via phishing emails containing OneNote malicious files.
Just like many other ransomware gangs, Mallox follows the double extortion tactic to put pressure on victims to pay the ransom fee.
What are the findings?
Previously, Mallox was known for being a small and closed ransomware group. However, since the beginning of the year, the group has been putting efforts into expanding its new Mallox RaaS program by recruiting affiliates.
It gained more success through the exploitation of insecure MS-SQL servers to infiltrate networks. Adversaries were observed exploiting two remote code execution vulnerabilities - CVE-2020-0618 and CVE-2019-1068.
While the ransomware group primarily relied on vulnerable SQL servers for infiltration, there have been recent attempts to drop the payload via phishing emails.
The development is also being perceived as more affiliate groups coming together in this mission.
Ransomware incidents spike
This sudden surge in Mallox infection raises concern as a new report from NCC Group revealed a 221% jump in ransomware attacks year-over-year as of June 2023, with 434 attacks reported in June alone.
A majority of these attacks were driven by Cl0p’s exploitation of the MOVEit file transfer software vulnerability that allegedly impacted over 100 organizations.
LockBit 3.0 was another active ransomware, responsible for 62 of the 434 attacks.
Meanwhile, the news 8Base ransomware actor, which surfaced in May, was found involved in 40 attacks by June.
Conclusion
The spike in ransomware activity is a clear indicator of the evolving nature of the threat landscape. As threat actors, such as Mallox, 8base, and Rhysida, are demonstrating their capabilities, and LockBit 3.0 showing no signs of giving up, organizations must remain vigilant and adapt security measures to stay one step ahead of such cyber threats. This starts with having a robust real-time threat-sharing and alerting system that helps the security teams in understanding the changing threat landscape.