Mallox
The ransomware group TargetCompany, which emerged in June 2021, is known for attaching the names of its victims to the files it encrypts. The group has evolved significantly, frequently updating its encryption methods, the features of its decryptors, and the extensions of the encrypted files.
Originally, TargetCompany used a ".onion" website for communications and delivered ransom instructions in a file named "How to decrypt files.txt". More recent versions have moved away from these practices. For instance, in late 2022, the group started using the ".mallox" extension for encrypted files and improved its encryption techniques by using the ChaCha20, Curve25519, and AES-128 algorithms.
The group also broadened its operations by launching a data leak website called "Mallox" and changing its ransom notes to "HOW TO RECOVER!!.txt". Recent data, including a report from Palo Alto Networks, indicates a 174% increase in TargetCompany's attacks on SQL servers, aligning with the overall rise in ransomware incidents in 2023.