According to a recent report by Palo Alto’s Unit 42 Network, the incidence of Mallox ransomware (also known as TargetCompany, FARGO, or Tohnichi) has skyrocketed by an astonishing 174% in 2023 compared to the previous year.
A new variant of ransomware called Xollam has surfaced recently. It is spread through phishing emails that contain malicious files disguised as OneNote documents. Mallox, like many other ransomware groups, uses double extortion to put more pressure on victims and force them to pay the ransom.
What are the findings?
Mallox used to be recognized as a small and exclusive ransomware group in the past. Since the start of the year, the group has been diligently working to expand its innovative Mallox RaaS program by actively recruiting affiliates.
It achieved even greater success by exploiting vulnerable MS-SQL servers in order to infiltrate networks. We have detected that adversaries are actively exploiting two critical vulnerabilities for remote code execution – CVE-2020-0618 and CVE-2019-1068.
Although the ransomware group initially targeted vulnerable SQL servers for infiltration, they have recently started employing phishing emails to distribute the malicious payload.
The development is seen as a unification of multiple affiliate groups working towards the same mission.
Ransomware incidents spike
The staggering increase in Mallox infection is alarming and should be a major concern. According to a recent report by NCC Group, there has been a staggering 221% increase in ransomware attacks compared to the previous year, as of June 2023. Shockingly, there were 434 reported attacks in June alone.
Over 100 organizations were allegedly impacted by the MOVEit file transfer software vulnerability, which led to a majority of these attacks being driven by Cl0p’s exploitation.
LockBit 3.0 was a highly active ransomware, accounting for 62 out of the 434 total attacks.
In just a few short months, the notorious 8Base ransomware actor, who emerged in May, has already been linked to a staggering 40 cyberattacks.
The surge in ransomware activity clearly demonstrates how the threat landscape is continuously progressing. Organizations must stay vigilant and adapt security measures to outmaneuver cyber threats such as Mallox, 8base, and Rhysida, who are showcasing their capabilities, while LockBit 3.0 refuses to back down.
To effectively understand the evolving threat landscape, it is crucial to implement a strong and dynamic real-time threat-sharing and alerting system. This system empowers security teams to stay informed and proactive in the face of constantly changing threats.