Mallox Ransomware
Increased Activity in the Wild
https://community.fortinet.com/t5/FortiRecon/Outbreak-Alert-Mallox-Ransomware/ta-p/356300
FortiGuard Labs continues to see an increase in Mallox ransomware-related activity, detecting Mallox ransomware on several hundred FortiGuard sensors. A ransomware infection may cause disruption and damage to daily operations, potential impact to an organization's reputation, and extortion.
Background
The Mallox ransomware, also referred to as FARGO or TargetCompany, first appeared in June 2021. Initially, it targeted Microsoft Windows systems by exploiting unsecured Microsoft SQL servers. Over time, it has evolved to impact Linux systems and VMware ESXi environments as well. The ransomware attacks a wide range of industries, including manufacturing, technology, automotive, and banking. In recent years, Mallox has expanded its operations by adopting a Ransomware-as-a-Service (RaaS) model, recruiting affiliates to extend its reach.
Latest Developments

Fortinet customers remain protected by the IPS service, which blocks any attack attempts targeting the related vulnerabilities, and by the Anti-Malware service, which blocks all known and unknown malware related to Mallox ransomware.

PROTECT

Countermeasures across the security fabric for protecting assets, data and network from cybersecurity events:

Vulnerability

Detects end-user devices running the vulnerable application.

AV (Pre-filter)

Detects known malware related to the outbreak.

Behavior Detection
IPS

Detects and blocks attack attempts leveraging the vulnerability.

DETECT

Find and correlate important information to identify an outbreak. The following updates are available to raise alerts and generate reports:

RESPOND

Develop containment techniques to mitigate impacts of security events:

Automated Response

Services that can automatically respond to this outbreak.

Assisted Response Services

Experts to assist you with analysis, containment and response activities.

RECOVER

Improve security posture and processes by implementing security awareness and training, in preparation for (and recovery from) security incidents:

NOC/SOC Training

Train your network and security professionals and optimize your incident response to stay on top of cyberattacks.

End-User Training

Raise security awareness among your employees, who are continuously being targeted by phishing, drive-by downloads and other forms of cyberattacks.

IDENTIFY

Identify processes and assets that need protection:

Attack Surface Hardening

Check Security Fabric devices to build actionable configuration recommendations and key indicators.

Vulnerability Management

Reduce the attack surface from software vulnerabilities through systematic and automated patching.