2 min Security

Mallox ransomware targeting Windows is on the rise

Mallox ransomware targeting Windows is on the rise

Ransomware group Mallox is on a steep rise. The attack targeting Windows systems is experiencing an increase of nearly 174 percent compared to the previous year.

That’s according to data from Palo Alto Networks. Mallox abuses unsecured Microsoft SQL servers to spread ransomware. The strain has been active since June 2021 and continues to look for ways to compromise networks. In doing so, Palo Alto Networks observes tactics around brute forcing, data exfiltration and network scanners.


The Mallox ransomware uses double extortion tactics. This involves encrypting and stealing data, in order to also threaten to leak data. This tactic is meant to convince victims to pay the ransom. The group behind Mallox sends victims a private key to enable communication so that terms and payment can possibly be negotiated.

According to the hacker group, there are now hundreds of victims. Palo Alto Networks notes that it is unclear how many victims there actually are. However, based on data from open threat intel sources, the security company can make a decent estimate. For example, there would be a 174 percent increase in Mallox attacks. The chart below shows more about the trend.

Last year, December in particular saw a spike in Mallox activity. After that it declined somewhat, but in the last few months the number of attacks seems to be increasing again.

Also read: Meet NoEscape, the return of the Avaddon RaaS gang