Mallox Ransomware Flaw Let Victims Recover Files Without Ransom Payment


Previously known as TargetCompany, the ransomware has undergone several evolutionary changes since its initial appearance.

While the malicious actors addressed an earlier cryptographic weakness in February 2022, their subsequent modifications introduced new vulnerabilities that now allow for file recovery without requiring the private ECDH key.


The vulnerability affected versions of the active malware throughout 2023 and early 2024, though the attackers patched it in March 2024.

Avast researchers have uncovered a critical flaw in the Mallox ransomware’s cryptographic schema, enabling victims to recover their encrypted files without paying ransom demands.


Identifying Affected Systems

Victims can identify if they’ve been affected by the decryptable version by looking for files with specific extensions, including .bitenc, .ma1x0, .mallab, .malox, .mallox, and .xollam.

The vulnerable version of the malware typically leaves ransom notes in each affected folder with names such as “FILE RECOVERY.txt” or “HOW TO RESTORE FILES.txt”.
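The indicators above lend themselves to a quick, read-only triage of a host before anyone runs a decryptor or touches the data. The following is an added example, not Avast's tool or anything from the original article: it walks a directory tree, counts files carrying the listed extensions, records the listed ransom note names, and only flags the host when both are present. The directory layout in `demo()` is constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Extensions the decryptable Mallox variants append to encrypted files (listed in the article).
MALLOX_EXTENSIONS = {".bitenc", ".ma1x0", ".mallab", ".malox", ".mallox", ".xollam"}
# Ransom note names the vulnerable version drops into each affected folder.
RANSOM_NOTES = {"FILE RECOVERY.txt", "HOW TO RESTORE FILES.txt"}

def scan_tree(root):
    """Read-only walk: count encrypted files per extension, collect notes and affected folders."""
    ext_counts, notes, affected_dirs = Counter(), [], set()
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if name in RANSOM_NOTES:
                notes.append(os.path.join(dirpath, name))
            ext = Path(name).suffix.lower()  # "report.docx.mallox" -> ".mallox"
            if ext in MALLOX_EXTENSIONS:
                ext_counts[ext] += 1
                affected_dirs.add(dirpath)
    return ext_counts, notes, affected_dirs

def triage(root):
    """Summarise the scan; only flag the host when encrypted files AND a note are both present."""
    ext_counts, notes, affected_dirs = scan_tree(root)
    return {
        "encrypted_files": sum(ext_counts.values()),
        "extensions": dict(ext_counts),
        "ransom_notes": len(notes),
        "affected_dirs": len(affected_dirs),
        "candidate_for_decryptor": bool(ext_counts) and bool(notes),
    }

def demo():
    """Build a constructed (not real) sample directory layout in a temp dir and triage it."""
    root = tempfile.mkdtemp()
    layout = {
        "docs": ["report.docx.mallox", "FILE RECOVERY.txt"],
        "photos": ["holiday.jpg.xollam", "HOW TO RESTORE FILES.txt", "notes.txt"],
        "backup": ["archive.zip.ma1x0"],  # encrypted files but no note in this folder
        "clean": ["readme.txt"],
    }
    for folder, files in layout.items():
        os.makedirs(os.path.join(root, folder))
        for f in files:
            Path(root, folder, f).write_text("constructed sample\n")
    return triage(root)
```

Point `triage()` at a real volume root to get the same summary; it never writes to the scanned tree, so it is safe to run before the backup step the recovery process calls for.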

Avast has released a free decryption tool that can restore affected files. The recovery process requires:

  • Running the decryptor on the originally infected computer
  • Administrative privileges for the decryption process
  • Backing up encrypted files before attempting recovery

The discovery represents a significant setback for the Mallox operation, which has been actively targeting organizations worldwide.

The ransomware group maintained a presence on social media platforms and operated a Dark Web leak site, documenting victims through June 2024.

Without paying the ransom, affected organizations faced the risk of complete data loss or potential exposure of stolen information.

Security experts emphasize the importance of maintaining vigilance against ransomware attacks, as threat actors continuously modify their tactics.

Organizations should monitor for suspicious system behavior, such as unusual processing loads or memory usage, which could indicate an ongoing attack.

The availability of this decryption solution offers hope to victims while highlighting the importance of robust cybersecurity measures and regular system backups.
