The Mallox Ransomware Gang's Attack on Measuresoft

The Mallox ransomware gang has attacked Measuresoft. Measuresoft is a software company that specializes in providing industrial automation and process control solutions. They offer software products and services designed to help businesses in various industries monitor and control their processes, collect and analyze data, and improve operational efficiency. Mallox posted Measuresoft to its data leak site on October 3rd but provided no further details.

Background of Mallox

Industry analysts first detected Mallox in June 2021. The group was initially dubbed “TargetCompany” because it appended encrypted files with the target company’s name. In an interview conducted in January 2023, the threat actors responsible for Mallox clarified that each major update of the ransomware involved changing the encryption algorithm and decryptor characteristics. These updates were accompanied by modifications to file name extensions, leading to the evolution of the group's names.

Evolution of Mallox Ransomware

Earlier variants of Mallox provided a contact site with the extension ".onion" for negotiations and delivered ransom notes titled "How to decrypt files.txt." However, in later variants, the ransomware stopped using the targeted company's name as file name extensions. During mid- to late 2022, the group was referred to as Fargo due to the extension added to its encrypted files at that time. Additional extensions employed by the ransomware group included ".mallox" and ".xollam." These later variants were observed utilizing a combination of Chacha20, Curve 25519, and AES-128 algorithms for file encryption.

Eventually, the ransomware group established a data leak site called Mallox, and subsequent variants dropped ransom notes labeled as "HOW TO RECOVER!!.txt."