Attacks by the Mallox ransomware operation against vulnerable Microsoft SQL servers have increased by 174% over the past year, with the group's intrusions mostly aimed at the manufacturing, professional and legal services, and wholesale and retail sectors, reports The Hacker News.
Microsoft SQL servers have been infiltrated by Mallox ransomware through dictionary brute force attacks, which would then be followed by the execution of a PowerShell command that facilitates ransomware payload retrieval, according to a Trend Micro report. Aside from working to remove SQL-related services, volume shadow copies, and clear system event logs, Mallox ransomware also evades the ransomware-combating open-source tool Raccine prior to file encryption. Researchers also noted that Mallox ransomware has been bolstering its recruitment initiatives.
"The Mallox ransomware group has been more active in the past few months, and their recent recruiting efforts may enable them to attack more organizations if the recruitment drive is successful," said researchers.
Ransomware, Threat Management
Mallox ransomware ramps up attacks against vulnerable Microsoft SQL servers
An In-Depth Guide to Ransomware
Get essential knowledge and practical strategies to protect your organization from ransomware attacks.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds