Hackers target MS-SQL servers with Mallox Ransomware deployment

May 14, 2024


  • Hackers are exploiting exposed MS-SQL servers to deploy Mallox ransomware, targeting organizations that store sensitive information.
  • Cybersecurity researchers at Sekoia observed the activity on a honeypot and published a technical analysis of the attacks.

Information stored on MS-SQL servers, such as financial records and customer data, makes them lucrative targets. Weak passwords, unpatched vulnerabilities, and misconfigurations leave Internet-facing instances exposed to automated scanning and exploitation tools. Cybersecurity researchers at Sekoia recently documented a campaign in which attackers actively compromise MS-SQL servers to deploy Mallox ransomware.

The researchers found that an MS-SQL honeypot deployed on April 15th was quickly compromised through brute-force attacks against the built-in “sa” account, which had a weak password. Once authenticated, the attackers used the database server to load Mallox through PureCrypter, a commercial loader. Mallox is run as a ransomware-as-a-service (RaaS) operation that distributes several variants of the ransomware and is known for double extortion: data is stolen before encryption and the victim is threatened with publication.

Mallox operators gain initial access by exploiting MS-SQL server vulnerabilities, brute-forcing weak credentials, and phishing. The operation evolved from a closed group into a RaaS model and recruits affiliates on underground forums such as RAMP. The ransomware uses evasion techniques such as environment detection and privilege adjustments. Mallox has hit organizations across sectors, including manufacturing and retail, combining data exfiltration with triple extortion strategies.
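The initial access described above (for the honeypot and for Mallox affiliates in general) is a password-guessing run against an exposed MS-SQL login, typically “sa”. The following detector, written for this page and not taken from Sekoia's report or any Mallox tooling, reads SQL Server ERRORLOG lines and raises an alert when one client address produces a burst of failed logins for the same user, then flags a subsequent success from that client as a probable compromise. The log lines are constructed for the example in the format SQL Server writes (error 18456 “Login failed for user” with a `[CLIENT: ip]` suffix); the “Login succeeded” line assumes login auditing is set to record successful logins as well as failures, which is not the default. The client address, timestamps and the `threshold`/`window_seconds` values are all assumptions chosen for the demonstration.

```python
"""Detect password guessing against MS-SQL logins from SQL Server ERRORLOG lines.

Added example for this page; not code from Sekoia or from the Mallox operation.
"""
import re
from collections import defaultdict
from datetime import datetime

# ERRORLOG logon lines look like:
#   2024-04-15 10:22:31.12 Logon   Login failed for user 'sa'. Reason: ... [CLIENT: 203.0.113.5]
# The preceding "Error: 18456, Severity: 14, State: 8." line carries no client address,
# so it is deliberately not matched.
LOGON_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+Logon\s+"
    r"Login (?P<outcome>failed|succeeded) for user '(?P<user>[^']*)'\."
    r".*\[CLIENT: (?P<client>[^\]]+)\]"
)


def parse_logon_events(lines):
    """Yield (timestamp, outcome, user, client) for every logon line; skip other lines."""
    for line in lines:
        m = LOGON_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            yield ts, m["outcome"], m["user"], m["client"]


def find_bruteforce(lines, threshold=10, window_seconds=60):
    """Return alerts for (client, user) pairs that fail `threshold` times within
    `window_seconds`, plus a second alert if that pair later logs in successfully."""
    recent_failures = defaultdict(list)   # (client, user) -> timestamps inside the window
    alerted = set()
    alerts = []
    for ts, outcome, user, client in parse_logon_events(lines):
        key = (client, user)
        if outcome == "failed":
            bucket = recent_failures[key]
            bucket.append(ts)
            # Slide the window: discard failures older than window_seconds.
            while bucket and (ts - bucket[0]).total_seconds() > window_seconds:
                bucket.pop(0)
            if len(bucket) >= threshold and key not in alerted:
                alerted.add(key)
                alerts.append({"type": "bruteforce", "client": client, "user": user,
                               "failures": len(bucket), "first": bucket[0], "last": ts})
        elif outcome == "succeeded" and key in alerted:
            # A success from a source that was just guessing passwords is the
            # signal that matters: the account is now in the attacker's hands.
            alerts.append({"type": "success_after_bruteforce", "client": client,
                           "user": user, "at": ts})
    return alerts


# Constructed sample ERRORLOG excerpt (assumed addresses and times, not real data):
# twelve 'sa' failures from one client in 11 seconds, one unrelated failure, then
# a successful 'sa' login from the guessing client.
SAMPLE_ERRORLOG = [
    "2024-04-15 10:22:31.12 Logon       Error: 18456, Severity: 14, State: 8.",
] + [
    f"2024-04-15 10:22:{31 + i:02d}.12 Logon       Login failed for user 'sa'. "
    "Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]"
    for i in range(12)
] + [
    "2024-04-15 10:22:50.03 Logon       Login failed for user 'reporting'. "
    "Reason: Could not find a login matching the name provided. [CLIENT: 198.51.100.7]",
    "2024-04-15 10:22:55.77 Logon       Login succeeded for user 'sa'. "
    "Connection made using SQL Server authentication. [CLIENT: 203.0.113.5]",
]


if __name__ == "__main__":
    for alert in find_bruteforce(SAMPLE_ERRORLOG):
        print(alert)
```

On a real host, feed the function the contents of the current ERRORLOG (readable through `xp_readerrorlog` or directly from the SQL Server log directory). The success-after-burst alert is the one worth paging on; a burst of failures alone is background noise on any Internet-facing instance, which is exactly why a weak “sa” password is fatal.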

Sekoia's technical analysis lays out the deployment chain, showing how the attackers used PureCrypter to load Mallox after the initial compromise. Weaknesses in the exposed MS-SQL service were the foothold from which the attackers moved into the organization's network. The case underlines the importance of hardening MS-SQL servers, in particular strong credentials and restricted exposure, to prevent ransomware attacks and data breaches.
