Cert2Connect

Mallox Ransomware Linux Variant Decryptor Found

The report analyzes the Mallox ransomware which has been active since mid-2021 and focuses on multi-extortion by encrypting victims data and threatening to post it on public TOR sites. Initially targeting Windows systems Mallox has now developed Linux variants using custom Python scripts for payload delivery and data exfiltration. The analysis reveals a Flask-based web panel for creating Linux ransomware builds with capabilities like user authentication build management and admin functions. The encryptor uses AES-256-CBC encryption with a specific key and IV appends the .lmallox extension to encrypted files and drops a ransom note. The report also includes decryptors for various build IDs and covers Uptycs XDR detection capabilities and indicators of compromise.
Overzicht

WILT U WETEN HOE DIT RISICO
UITGEBANNEN KAN WORDEN?

Wij helpen je graag. Indien gewenst geven we graag een presentatie of demo van onze oplossingsaanpak. Je vindt ons ook regelmatig op beurzen en events. Volg de evenementenpagina op deze site of meld je aan via de contactpagina voor onze nieuwsbrief.

Maak een afspraak