The recent rapid proliferation and increased sophistication of Mallox ransomware signals pressing demand for organisations to urgently bolster their defences protecting digital assets and mitigating risks. To address this need, Kaspersky has released the Mallox ransomware: In-depth analysis and evolution report. The new publication provides a comprehensive analysis of Mallox ransomware, chronicling its transformation from privately operated malware to full-scale RaaS operation.

The report highlights Mallox’s significant impact since its initial appearance in early 2021. Originally highly targeted, human-operated ransomware, Mallox inflicted severe damage on organisations worldwide. Kaspersky’s research details how this previously isolated threat has rapidly evolved with more than 700 new samples identified from 2021 to mid-2024. This surge in activity is largely attributed to Mallox’s transition into a RaaS model, enabling it to expand aggressively by recruiting affiliates and partners through a dark web forum.

In January 2023, the operators behind Mallox launched a robust RaaS affiliate programme, actively seeking skilled “pen testers”* to expand their reach. Offering lucrative profit-sharing terms, the programme has attracted a host of cybercriminals, contributing to a marked increase in Mallox-related attacks. The report delves into advancements in Mallox’s encryption schemes, which have become increasingly sophisticated. Kaspersky’s detailed analysis of these cryptographic techniques underscores continuous innovation by Mallox developers to enhance the ransomware’s efficacy.

The report also sheds light on Mallox’s global spread, focusing on its preferred infection vectors. Notably, the attackers often exploit vulnerabilities in MS SQL and PostgreSQL servers, demonstrating its adaptability and threat to a broad range of industries. This in-depth analysis serves as an essential resource for cybersecurity professionals, offering critical insights into the nature and evolution of this formidable ransomware. Mallox has demonstrated a particular preference for targeting certain regions. Brazil, Vietnam and China have emerged as the most frequently targeted countries. Although India, Russia, Saudi Arabia, Lebanon, Colombia, Turkiye and the United States of America have experienced fewer attacks, they remain vulnerable to the ransomware’s threat.

“Understanding the Mallox ransomware – its evolution, characteristics and devastating potential – empowers organisations to fortify their defences. With the right security measures in place, companies can protect their digital assets and diminish the risk of becoming the next target of this formidable threat,” comments Kaspersky security expert Fedor Sinitsyn.

The full report on Mallox ransomware evolution is on Securelist.com.

^* A penetration test (pen test) is an authorised simulated attack performed on a computer system to evaluate its security. Penetration testers use the same tools, techniques and processes as attackers to find and demonstrate the business impacts of weaknesses in a system.