Mallox ransomware: in-depth analysis and evolution
Essential information
- Published: 04/09/2024 16:31
- Modified: 04/09/2024 18:49
- Tags: 2024-09-04, mallox, raas, ransomware, remcos, rat
- Related entities: 7 observables, 1 intrusion set (APT), 17 techniques (MITRE), 2 malware, 11 others
Description
Mallox is a sophisticated ransomware family that emerged in 2021 and has since evolved into a Ransomware-as-a-Service (RaaS) operation. It initially targeted specific companies, then shifted to a more generic approach, likely as part of its RaaS model. The malware employs complex encryption schemes, including elliptic-curve cryptography and ChaCha20, which have been modified over time to address vulnerabilities. Mallox targets various countries, with Brazil, Vietnam, and China being the most affected. The RaaS operates on a profit-sharing model, offering up to 80% to affiliates with access to large networks. The group actively maintains a data leak site and a negotiation portal on the dark web, and uses social media to publicize its activities and attract new affiliates.