Ransomware Group

Mallox

Also known as: TargetCompany, Fargo, Tohnichi

Status: active • First seen 2021-06 • 300+ known victims

Mallox operators scan for Microsoft SQL Server instances exposed to the internet and brute-force their logins. Once inside, they exfiltrate data and then encrypt systems across the network, demanding payment in Bitcoin under threat of publishing the stolen data.

Overview

Mallox is a ransomware strain whose operators primarily gain initial access through Microsoft SQL Server instances exposed to the internet. The group brute-forces SQL logins and exploits weak or reused database credentials, then moves laterally before encrypting.

Target Industries

Manufacturing, Retail, Technology, Professional Services

How They Attack

  • MS-SQL brute force
  • Credential stuffing
  • Double extortion
  • RDP exploitation

Notable Victims

Database-heavy organizations (2023), Multiple SMBs


How to Protect Against Mallox

  1. Never expose MS-SQL directly to the internet: keep the SQL Server port (TCP 1433 by default) behind a firewall or VPN and allow only known application hosts to connect.

  2. Use strong, unique passwords for database accounts, disable or rename the built-in sa login where the application allows it, and prefer Windows authentication over mixed-mode authentication.

  3. Enable SQL Server audit logging and alert on bursts of failed logins (error 18456) from a single client address, which is the earliest visible sign of a Mallox-style brute-force attempt.
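The audit-logging step is only useful if someone reads the result. The following detector is an added example written for this page, not code from the group, the page's author or Microsoft: it parses failed-login lines in the style of the SQL Server ERRORLOG and flags any client address that exceeds a threshold of failures inside a sliding time window. The log lines are constructed sample data (the line layout approximates the ERRORLOG format; the addresses are documentation ranges), and the threshold and window are assumptions to tune per environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample ERRORLOG excerpt (not real data). SQL Server writes an
# "Error: 18456" line followed by the "Login failed for user ..." detail line;
# only the detail line carries the user name and client address.
SAMPLE_ERRORLOG = """\
2024-05-02 03:14:07.12 Logon       Error: 18456, Severity: 14, State: 8.
2024-05-02 03:14:07.12 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.45]
2024-05-02 03:14:08.40 Logon       Error: 18456, Severity: 14, State: 8.
2024-05-02 03:14:08.40 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.45]
2024-05-02 03:14:09.01 Logon       Error: 18456, Severity: 14, State: 8.
2024-05-02 03:14:09.01 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.45]
2024-05-02 03:14:10.77 Logon       Error: 18456, Severity: 14, State: 5.
2024-05-02 03:14:10.77 Logon       Login failed for user 'admin'. Reason: Could not find a login matching the name provided. [CLIENT: 203.0.113.45]
2024-05-02 03:14:11.20 Logon       Error: 18456, Severity: 14, State: 8.
2024-05-02 03:14:11.20 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.45]
2024-05-02 03:14:12.93 Logon       Error: 18456, Severity: 14, State: 8.
2024-05-02 03:14:12.93 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.45]
2024-05-02 03:31:44.05 Logon       Error: 18456, Severity: 14, State: 8.
2024-05-02 03:31:44.05 Logon       Login failed for user 'app_user'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.7]
"""

# Matches the detail line: timestamp, the Logon source, user name and client address.
LOGIN_FAILED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'.*\[CLIENT: (?P<client>[^\]]+)\]"
)


def parse_failed_logins(text):
    """Return a list of (timestamp, user, client) tuples, one per failed login."""
    events = []
    for line in text.splitlines():
        m = LOGIN_FAILED_RE.match(line)
        if not m:
            continue  # "Error: 18456" lines and anything else are skipped
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        events.append((ts, m["user"], m["client"]))
    return events


def find_bruteforce_sources(events, threshold=5, window_minutes=5):
    """Flag clients with >= threshold failed logins inside any window_minutes span.

    threshold and window_minutes are assumed starting values; tune them to the
    normal failure rate of the application accounts on the server.
    """
    window = timedelta(minutes=window_minutes)
    by_client = defaultdict(list)
    for ts, user, client in events:
        by_client[client].append((ts, user))

    hits = {}
    for client, evs in by_client.items():
        evs.sort()
        # Sliding window over the sorted events: find the densest burst.
        best = (0, 0, 0)  # (count, start_index, end_index)
        start = 0
        for end, (t_end, _) in enumerate(evs):
            while t_end - evs[start][0] > window:
                start += 1
            count = end - start + 1
            if count > best[0]:
                best = (count, start, end)
        count, s, e = best
        if count >= threshold:
            hits[client] = {
                "failures": count,
                "users": sorted({u for _, u in evs[s:e + 1]}),
                "first": evs[s][0],
                "last": evs[e][0],
            }
    return hits


if __name__ == "__main__":
    burst = find_bruteforce_sources(parse_failed_logins(SAMPLE_ERRORLOG))
    for client, info in burst.items():
        print(f"{client}: {info['failures']} failures against {info['users']} "
              f"between {info['first']} and {info['last']}")
```

In the sample, 203.0.113.45 produces six failures in six seconds, mostly against sa, and is flagged; the single app_user failure from 198.51.100.7 is not. Hunting for the sa login specifically, and for a mix of "password did not match" and "could not find a login" reasons from one source, is a good first filter because Mallox-style tooling tries both default names and wordlist passwords.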

MITRE ATT&CK Techniques

T1110 (Brute Force), T1078 (Valid Accounts), T1486 (Data Encrypted for Impact), T1021.001 (Remote Services: Remote Desktop Protocol)

Related Groups

Trigona

Is your business exposed?

Check if your company data is circulating on the dark web

Free scan • No credit card required