Avast has developed and released a free Mallox ransomware decryption tool based on an issue in the ransomware payload's cryptographic schema, reports SecurityWeek.
Organizations impacted by Mallox ransomware, also known as TargetCompany, Fargo, and Tohnichi, can use the decryption tool for files encrypted with the .mallox, .malloxx, .mallab, .malox, .ma1xo, .xollam, and .bitenc extensions between 2023 and early 2024, according to Avast. "The crypto-flaw was fixed around March 2024, so it is no longer possible to decrypt data encrypted by the later versions of Mallox ransomware," said Avast.
Exploitation of known vulnerabilities and brute-force attacks have commonly been used to facilitate Mallox ransomware attacks, which primarily target Windows systems. Initial compromise is followed by the delivery of droppers and scripts that escalate privileges and download the ransomware, which encrypts files using the ChaCha20 algorithm before injecting the ransom note. After ending SQL database-related processes and encrypting data storage-related files, Mallox ransomware proceeds with system file locking, deactivation of automatic repair defenses, and shadow copy removal.
Mallox ransomware decryption tool issued by Avast