SentinelOne VS Mallox Ransomware – Detection, Mitigation and Remediation




Mallox ransomware has been active since mid-2021, with a surge in activity between September and December 2022. It is also known as “TargetCompany” or “Fargo” ransomware. Mallox payloads are usually .NET-based .EXE or .DLL files that can be spread through various methods, including exposed MS-SQL servers and phishing/spam emails. It uses a combination of AES-128 and ChaCha20 for encryption and terminates a list of processes and services without attempting to hide its malicious activity. The extortion group encrypts victims’ data and threatens to post it on their public TOR-based sites.

SentinelOne is the only cybersecurity solution encompassing AI-powered prevention, detection, response, and hunting across endpoints, containers, cloud workloads, and IoT devices in a single autonomous platform. With SentinelOne, organizations gain full transparency into everything happening across the network at machine speed – to defeat every attack, at every stage of the threat lifecycle. To learn more visit www.sentinelone.com.