Increased Activity in the Wild
FortiGuard Labs continues to see an increase in Mallox ransomware-related activity, detecting Mallox ransomware on several hundred FortiGuard sensors. Ransomware infection may cause disruption, damage to daily operations, potential impact to an organization's reputation, and extortion.
Common Vulnerabilities and Exposures
Background
The Mallox ransomware, also referred to as FARGO or TargetCompany, first appeared in June 2021. Initially, it targeted Microsoft Windows systems by exploiting unsecured Microsoft SQL servers. Over time, it has evolved to impact Linux systems and VMware ESXi environments as well.
The ransomware attacks a wide range of industries, including manufacturing, technology, automotive, and banking. In recent years, Mallox has expanded its operations by adopting a Ransomware-as-a-Service (RaaS) model, recruiting affiliates to extend its reach.
Latest Development
Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.
Fortinet customers remain protected by the IPS service, which blocks any attack attempts targeting the related vulnerabilities, and by the Anti-Malware service, which blocks all known and unknown malware related to Mallox ransomware.
- September 23, 2024: A Mallox affiliate leaked staging server data, revealing that their Linux ransomware was based on a modified version of Kryptina.
  https://www.sentinelone.com/labs/kryptina-raas-from-unsellable-cast-off-to-enterprise-ransomware/
- September 04, 2024: Securelist by Kaspersky released a blog post on Mallox ransomware.
  https://securelist.com/mallox-ransomware/113529/
- December 22, 2022: FortiGuard Labs released a Threat Signal.
  https://www.fortiguard.com/threat-signal-report/4918
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
- AV
- Vulnerability
- AV (Pre-filter)
- Behavior Detection
- IPS
- IOC
- Outbreak Detection
- Threat Hunting
- Content Update
- Automated Response
- Assisted Response Services
- NOC/SOC Training
- End-User Training
- Vulnerability Management
- Attack Surface Monitoring (Inside & Outside)
- Attack Surface Hardening
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.
References
Sources of information supporting and relating to this outbreak and vendor.