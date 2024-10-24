Ransomware

Mallox ransomware decryption tool issued by Avast


Avast has developed and released a free Mallox ransomware decryption tool that relies on a flaw in the ransomware payload's cryptographic scheme, reports SecurityWeek.

Organizations impacted by Mallox ransomware, also known as TargetCompany, Fargo, and Tohnichi, can use the decryption tool on files encrypted between 2023 and early 2024 that carry the .mallox, .malloxx, .mallab, .malox, .ma1xo, .xollam, and .bitenc extensions, according to Avast. "The crypto-flaw was fixed around March 2024, so it is no longer possible to decrypt data encrypted by the later versions of Mallox ransomware," said Avast. Mallox attacks, which primarily target Windows systems, have commonly begun with exploitation of known vulnerabilities or brute-force attacks. Initial compromise is followed by the delivery of droppers and scripts that escalate privileges and download the ransomware, which encrypts files with the ChaCha20 algorithm and then drops the ransom note. After terminating SQL database-related processes and encrypting data storage-related files, Mallox locks system files, disables automatic repair, and deletes shadow copies.
