SentinelOne VS Mallox Ransomware – Prevention

Mallox ransomware has been active since mid-2021, with a surge in activity between September and December 2022. It is also known as “TargetCompany” or “Fargo” ransomware. Mallox payloads are usually .NET-based .EXE or .DLL files that can be spread through various methods, including exposed MS-SQL servers and phishing/spam emails. It uses a combination of AES-128 and ChaCha20 for encryption and terminates a list of processes and services without attempting to hide its malicious activity. The extortion group encrypts victims’ data and threatens to post it on their public TOR-based sites.
