Mallox ransomware gang has claimed the Federation of Indian Chambers of Commerce and Industry (FICCI), the apex organization of Indian trade bodies in India, as a victim.
The Federation of Indian Chambers of Commerce & Industry (FICCI) is a non-governmental trade association and advocacy group based in India.
The Mallox gang posted the ransom note on 21 February. According to the note, the threat group has access to about 1.28 GB of data of the organization.
The Cyber Express reached out to FICCI regarding the post on the ransomware gang’s leak site. We are yet to receive a response from the organization.
The ransom note comes days after the trade body signed a memorandum of understanding (MoU) with Middle East trading conglomerate Lulu Group International to increase exports from India to the UAE.
The agreement was signed on the first anniversary of the India-UAE Comprehensive Economic Partnership Agreement, which was established to increase bilateral trade and investment by 120%.
As per the MoU, Lulu Group will work with FICCI to promote new Indian companies and products in the UAE.
FICCI, trade bodies, and ransomware attacks
The Federation of Indian Chambers of Commerce and Industry (FICCI), founded in 1927, is a trade lobby with the established ail of promoting the growth of Indian businesses and industries by providing them with a platform to voice their concerns and interests.
The organization has a diverse membership base that includes small and large businesses, multinational corporations, industry associations, and chambers of commerce.
FICCI is involved in several areas such as policy advocacy, research and analysis, networking and partnerships, and skill development.
In addition to its activities in India, FICCI also has a strong international presence. The organization has partnerships with several international organizations and works closely with them to promote the interests of Indian businesses and industries on the global stage.
This reach and access to data make trade bodies preferred targets of cybercriminals.
In August 2022, a massive cyber-attack forced the Association of German Chambers of Industry and Commerce (DIHK) to shut down all of its IT systems. The organization literally had to switch off all digital services, email servers, and telephones.
The earliest of such targeted cyber-attacks was spotted in 2010, when Hackers from China breached the IT systems of the U.S. Chamber of Commerce. The hackers could access the operational data and information of the chamber’s 3 million members, it was reported then.
Citing sources familiar close to the matter, the Wall Street Journal reported that the cyber attack involved at least 300 IP addresses and was discovered and shut down in May 2010.
Mallox ransomware: mode of operation
“Mallox is a ransomware strain that has been around since 2021 and is also known as Fargo. The ransomware encrypts files on compromised machines and typically adds a “.mallox” file extension to the affected files,” said a FortiGuard Labs report.
“Mallox leaves a ransom note titled “FILE RECOVERY.txt” that contains the ransom message, victim’s private key, and a TOR site address where victims can contact the attacker. The TOR site also works as a data leak site where information stolen from the victims will be released if ransom payment is not made.”
Mallox ransomware is distributed via phishing emails, malicious websites, and spam campaigns. Once it infects a system, it encrypts the files and demands a ransom payment in exchange for the decryption key.
According to a threat analysis by Cyble Research and Intelligence Labs (CRIL) there was a spike in Mallox ransomware samples in November and December 2022, indicating that the ransomware is active, spreading rapidly, and infecting users.
Mallox ransomware is under active development, with new versions being released frequently, showing that the creators of Mallox are continuing to refine and evolve their tactics, noted the FortiGuard Labs report