Ransomware, Threat Intelligence

Attacks with new Mallox ransomware version aimed at Linux

Closeup of a mobile phone screen with logo lettering of linux on computer keyboard

Hackread reports that Linux systems are having their data encrypted with a new variant of the Mallox ransomware, also known as TargetCompany, Mawahelper, and Fargo.

While older iterations of Mallox ransomware were spread in the form of .DLL, .EXE, or .NET-based files via breached Windows MS-SQL servers, the updated version for Linux was delivered through a custom Python script and leveraged robust AES-256 CBC algorithm-based encryption, as well as allowed user authentication, login and password reset, and other functions, according to a report from Uptycs.

Further analysis of the Python script showed a Flask framework-based web panel that allowed the development of custom Mallox variants, as well as deployment management and ransomware downloading activities.

With the researchers' discovery of the Mallox ransomware decryptor signaling yet another update to the malicious payload, organizations have been urged to defend themselves through regular data backups, up-to-date software implementations, and increased vigilance of suspicious links and attachments.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.