Mallox ransomware: in-depth analysis and evolution
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
Mallox is a sophisticated ransomware family that emerged in 2021 and has since evolved into a Ransomware-as-a-Service (RaaS) operation. Initially targeting specific companies, it transitioned to a more generic approach, likely as part of its RaaS model. The malware employs complex encryption schemes, including elliptic-curve cryptography and ChaCha20, which have been modified over time to address vulnerabilities. Mallox targets various countries, with Brazil, Vietnam, and China being the most affected. The RaaS operates on a profit-sharing model, offering up to 80% to affiliates with access to large networks. The group actively maintains a data leak site and negotiation portal on the dark web, and uses social media to publicize their activities and attract new affiliates.
OPENCTI LABELS:
ransomware, remcos rat, raas, mallox