From private malware to Ransomware-as-a-Service: the rise of Mallox

September 10, 2024

The recent rapid proliferation and increased sophistication of Mallox ransomware signals a pressing demand for organizations to urgently bolster their defenses, protecting their digital assets and mitigating risks. To address this need, Kaspersky has released a report titled "Mallox Ransomware: In-Depth Analysis and Evolution". The new publication provides a comprehensive analysis of the Mallox ransomware, chronicling its transformation from a privately operated malware to a full-scale Ransomware-as-a-Service (RaaS) operation.

The report highlights Mallox’s significant impact since its initial appearance in early 2021. Originally a highly targeted, human-operated ransomware, Mallox inflicted severe damage on organizations worldwide. Kaspersky’s research details how this once-isolated threat has rapidly evolved, with more than 700 new samples identified from 2021 to mid-2024. This surge in activity is largely attributed to Mallox’s transition into a RaaS model, enabling it to expand aggressively by recruiting affiliates and partners through a dark web forum.

In January 2023, the operators behind Mallox launched a robust RaaS affiliate program, actively seeking skilled "pentesters" to expand their reach. Offering lucrative profit-sharing terms, the program has attracted a host of cybercriminals, contributing to a marked increase in Mallox-related attacks. The report further delves into the advancements in Mallox’s encryption schemes, which have become increasingly sophisticated. Kaspersky’s detailed analysis of these cryptographic techniques underscores the continuous innovation by Mallox developers to enhance the ransomware’s efficacy.

The report also sheds light on Mallox’s global spread, focusing on its preferred infection vectors. Notably, the attackers often exploit vulnerabilities in MS SQL and PostgreSQL servers, demonstrating the ransomware's adaptability and the threat it poses to a broad range of industries. This in-depth analysis serves as an essential resource for cybersecurity professionals, offering critical insights into the nature and evolution of this formidable ransomware.

Geographical chart of Mallox attack attempts

Mallox has demonstrated a particular preference for targeting certain regions. Brazil, Vietnam, and China have emerged as the most frequently targeted countries. Although India, Russia, Saudi Arabia, Lebanon, Colombia, Turkiye, and the United States of America have experienced fewer attacks, they remain vulnerable to the ransomware's threat.

“Understanding the Mallox ransomware - its evolution, characteristics, and devastating potential - empowers organizations to fortify their defenses. With the right security measures in place, companies can not only protect their digital assets but also diminish the risk of becoming the next target of this formidable threat,” comments Kaspersky security expert Fedor Sinitsyn.

To maximize your organization's security, Kaspersky recommends:

  • Do not expose remote desktop services, such as RDP, to public networks unless absolutely necessary, and always use strong passwords.
  • Make sure your commercial VPN and other server-side software solutions are always up to date as exploitation of this type of software is a common ransomware infection vector. Always keep client-side applications up to date.
  • Use complex security solutions, combining endpoint protection and automated incident response features, such as award-winning Kaspersky NEXT.
  • Focus your defense strategy on detecting lateral movements and data exfiltration to the internet. Pay special attention to outgoing traffic to detect cybercriminal connections.
  • Back up data regularly. Make sure you can quickly access it in an emergency.
  • Use the latest Threat Intelligence information to stay up to date on the latest TTPs used by threat actors.
  • Use Managed Detection and Response services to help identify and stop an attack in the early stages, before the attackers achieve their ultimate goals.
  • To protect the corporate environment, educate your employees. Dedicated training courses, such as those provided in the Kaspersky Automated Security Awareness Platform, can help.
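Two of the recommendations above (watch outgoing traffic for data exfiltration, and detect lateral movement inside the network) can be turned into a simple, repeatable check. The script below is an added example, not code from Kaspersky or from the report: it walks a constructed connection log (fields assumed to be timestamp, source IP, destination IP, destination port, bytes sent), sums bytes each internal host sends to non-RFC 1918 addresses, and counts how many distinct internal hosts each source reaches on RDP, SMB, MS SQL and PostgreSQL ports. The thresholds and the log format are assumptions chosen for illustration; in practice they would be tuned to a site's own baseline.

```python
import ipaddress
from collections import defaultdict

# Constructed sample log (not real traffic). One connection per line:
#   <timestamp> <src_ip> <dst_ip> <dst_port> <bytes_out>
SAMPLE_LOG = """\
2024-09-10T01:00:00Z 10.0.1.20 10.0.1.21 1433 2048
2024-09-10T01:00:05Z 10.0.1.20 10.0.1.22 3389 4096
2024-09-10T01:00:10Z 10.0.1.20 10.0.1.23 3389 4096
2024-09-10T01:01:00Z 10.0.1.20 203.0.113.45 443 734003200
2024-09-10T01:02:00Z 10.0.2.5 198.51.100.7 443 51200
2024-09-10T01:03:00Z 10.0.3.9 10.0.1.20 1433 1024
"""

# RFC 1918 ranges are treated as "internal"; everything else is "external".
# (ipaddress.is_private also matches documentation ranges, so we check explicitly.)
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Ports commonly used for remote administration and database access; the
# report names MS SQL and PostgreSQL servers as Mallox's preferred entry points.
LATERAL_PORTS = {3389: "RDP", 445: "SMB", 1433: "MSSQL", 5432: "PostgreSQL"}

# Assumed thresholds for this example: 100 MiB of egress from one host, or
# admin/DB connections to three or more distinct internal hosts.
EGRESS_BYTES_THRESHOLD = 100 * 1024 * 1024
LATERAL_FANOUT_THRESHOLD = 3


def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)


def parse_line(line):
    ts, src, dst, port, nbytes = line.split()
    return {
        "ts": ts,
        "src": ipaddress.ip_address(src),
        "dst": ipaddress.ip_address(dst),
        "port": int(port),
        "bytes": int(nbytes),
    }


def analyze(log_text):
    """Return findings as (kind, source_host, measure) tuples."""
    egress_bytes = defaultdict(int)     # src -> bytes sent to external hosts
    lateral_targets = defaultdict(set)  # src -> internal hosts reached on admin/DB ports

    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        src, dst = str(rec["src"]), rec["dst"]
        if is_internal(dst):
            if rec["port"] in LATERAL_PORTS:
                lateral_targets[src].add(str(dst))
        elif is_internal(rec["src"]):
            egress_bytes[src] += rec["bytes"]

    findings = []
    for src, total in sorted(egress_bytes.items()):
        if total >= EGRESS_BYTES_THRESHOLD:
            findings.append(("possible_exfiltration", src, total))
    for src, targets in sorted(lateral_targets.items()):
        if len(targets) >= LATERAL_FANOUT_THRESHOLD:
            findings.append(("possible_lateral_movement", src, len(targets)))
    return findings


if __name__ == "__main__":
    for kind, host, measure in analyze(SAMPLE_LOG):
        print(f"{kind}: {host} ({measure})")
```

In the constructed sample, host 10.0.1.20 both fans out to three internal hosts on RDP and MS SQL ports and then pushes roughly 700 MB to an external address, so it is flagged twice; the other hosts stay below both thresholds. A real deployment would feed the same logic from firewall, NetFlow or proxy logs and compare against per-host baselines rather than fixed numbers.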

Please read the full report on Mallox ransomware evolution on Securelist.com.


About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help over 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.
