Hackread reports that Linux systems are having their data encrypted with a new variant of the Mallox ransomware, also known as TargetCompany, Mawahelper, and Fargo.
Older iterations of Mallox ransomware were spread as .DLL, .EXE, or .NET-based files via breached Windows MS-SQL servers. The updated version for Linux was delivered through a custom Python script and used AES-256 encryption in CBC mode; it also allowed user authentication, login and password reset, and other functions, according to a report from Uptycs.
Further analysis of the Python script showed a web panel built on the Flask framework that allowed the development of custom Mallox variants, as well as deployment management and downloading of the ransomware.
With the researchers' discovery of the Mallox ransomware decryptor signaling yet another update to the malicious payload, organizations have been urged to defend themselves through regular data backups, keeping software up to date, and increased vigilance toward suspicious links and attachments.