Mallox is a sophisticated and dangerous family of malicious software that has been causing significant damage to organizations worldwide.
In 2023, this ransomware strain demonstrated an uptick in attacks, the overall number of discovered Mallox samples exceeding 700. In the first half of 2024, the malware was still being actively developed, with new versions being released several times a month, while the Mallox RaaS affiliate program advertised on dark web forums was seeking new partners. This article aims to provide a comprehensive technical overview of the ransomware and its history.
Read more…
Source: Kaspersky
Related:
- Magniber ransomware actors used a variant of Microsoft SmartScreen bypass
March 14, 2023
Google’s Threat Analysis Group (TAG) recently discovered usage of an unpatched security bypass in Microsoft’s SmartScreen security feature, which financially motivated actors are using to deliver the Magniber ransomware without any security warnings. The attackers are delivering MSI files signed with an invalid but specially crafted Authenticode signature. The malformed signature causes SmartScreen to return ...
- Wymondham College hit by sophisticated cyber attack
March 14, 2023
Wymondham College said disruption was likely to continue until the Easter holidays due to its IT system being targeted. In a message sent to students, seen by the EDP, the college apologised for disruption but said it believed there had been no data breach. Read more… Source: Wymondham Evening News
- Microsoft fixes Windows zero-day exploited in ransomware attacks
March 14, 2023
Microsoft has patched another zero-day bug used by attackers to circumvent the Windows SmartScreen cloud-based anti-malware service and deploy Magniber ransomware payloads without raising any red flags. The attackers have been using malicious MSI files signed with a specially crafted Authenticode signature to exploit this security feature bypass vulnerability (tracked as CVE-2023-24880). Read more… Source: Bleeping Computer Related story: ...
- Cyprus: Land registry website problems due to ‘cyber attack’
March 12, 2023
After a “thorough evaluation of all data”, the land registry department on Sunday said the technical problem that saw it go offline since Wednesday was due to a “cyber attack” The department said that due to the nature of the problem and the size of the systems, they will be gradually restored, starting with the restoration ...
- “Massive” cyber attack crashes African Union’s system
March 11, 2023
Cyber attackers prey on the African Union (AU), resulting in the unscheduled suspension of its systems. The Reporter got a copy of an internal memo that said an attack on the AU data center started last week, making services and applications unavailable. Sources say that more than 200 corrupted devices have been found and are being ...
- What happens if you ‘cover up’ a ransomware infection? For Blackbaud, a $3m charge
March 10, 2023
Blackbaud has agreed to pay $3 million to settle charges that it made misleading disclosures about a 2020 ransomware infection in which crooks stole more than a million files on around 13,000 of the cloud software slinger’s customers. According to America’s financial watchdog, the SEC, Blackbaud will cough up the cash – without admitting or denying ...