
The Mallox ransomware group has been active since 2021 but came to prominence with high-profile operations throughout Q2 and Q3 of 2023. During this reporting period, the group has targeted organisations in several countries, including India, France, Portugal and Saudi Arabia, and is known to target the manufacturing, food and beverage, and retail sectors.

The Mallox ransomware group primarily deploys ransomware variants of the same name (the Mallox ransomware payload), which are delivered via loaders attached to phishing emails. The group also uses dynamic-link library (DLL) files that are encrypted and obfuscated with the IntelliLock obfuscator to hinder reverse engineering [1]. At the time of writing, the group employs double extortion within its attack chain: it steals data from compromised organisations and threatens to leak it if the ransom demand is not paid. Notable recent events involving the Mallox ransomware group include its claim of responsibility for the cyber-attack against the Federation of Indian Chambers of Commerce & Industry (FICCI) in June 2023 [2], its recruitment efforts for a new Ransomware-as-a-Service (RaaS) affiliate programme, and its increased activity in targeted attacks against organisations running vulnerable SQL servers [3]. In August 2023, the Mallox ransomware group was observed to have expanded its attack capability by adding several malware payloads to its toolset, including REMCOS RAT, BatCloak and Metasploit [4].

Targeted Sectors

The Mallox ransomware group has been observed targeting organisations in the manufacturing, food and beverage, and retail sectors.

Threat Actor Motivations

The motives of the Mallox ransomware group can be assessed from the strategies it applies in its attack campaigns. Given its choice of targets and the intrusion methods it uses, it is almost certainly the case that Mallox operations are motivated purely by financial gain.

The Quorum Cyber Threat Intelligence team provides ransomware reports so that you can better understand the threats facing your organisation.
