Cloud Threat Landscape

TargetCompany

Aliases

Mallox

Tags
RansomOps
Attribution
💰Cybercrime
Incidents
TargetCompany Abusing MSSQL Servers for Ransomware
References
https://asec.ahnlab.com/en/64921/
https://cyberint.com/blog/research/targetcompany-ransomware-group-aka-mallox-a-rapid-evolution/
https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-targetcompany
Last edited
May 26, 2024 7:57 PM
Status
Finalized
Cloud-fluent
Unique Tools
Mallox ransomware, Remcos RAT

The TargetCompany ransomware group, which emerged in June 2021, is known for attaching the names of its victims to the files it encrypts. The group has evolved significantly, frequently updating its encryption methods, the features of its decryptors, and the extensions of the encrypted files.

Originally, TargetCompany used a ".onion" website for communications and delivered ransom instructions in a file named "How to decrypt files.txt". More recent versions have moved away from these practices. For instance, in late 2022, the group started using the ".mallox" extension for encrypted files and improved its encryption techniques by using the ChaCha20, Curve25519, and AES-128 algorithms.

The group also broadened its operations by launching a data leak website called "Mallox" and changing its ransom notes to "HOW TO RECOVER!!.txt". Recent data, including a report from Palo Alto, indicates a 174% increase in TargetCompany's attacks on SQL servers, aligning with the overall rise in ransomware incidents in 2023.


Last Updated: April 3, 2025