Mallox Ransomware Vulnerability Lets Victims Decrypt Files - #FARGO
Recent cybersecurity research has revealed that the Mallox ransomware, active since mid-2021, has evolved into a complex Ransomware-as-a-Service (RaaS) model targeting both Linux and Windows systems. A notable variant now uses a custom Python script and includes a web panel for managing custom ransomware versions; its encryption employs AES-256 in CBC mode. Security experts have identified vulnerabilities and developed decryptors, although newer versions have patched these weaknesses. Mallox attacks often exploit unsecured MS-SQL servers, have been adapted for both Linux and Windows environments, and use multi-extortion tactics, including data exfiltration. Recommended mitigations include regular data backups, updating software, using reliable security solutions, and maintaining vigilance against suspicious activity and potential lateral movement within networks.