#RansomwareTactics
osintelligence · 9 months
https://bit.ly/3Rmzron

🔒 Mallox, a persistent ransomware threat first identified in 2021, continues to exploit enterprises, particularly through vulnerabilities in MS-SQL. Operating under a Ransomware-as-a-Service (RaaS) model, Mallox targets unpatched systems and uses brute force attacks to gain access. This activity underscores the ongoing risk posed by ransomware to business data security. #MalloxCyberThreat #RansomwareAlert

Mallox gains initial access through exploitation of MS-SQL and ODBC interfaces, targeting specific vulnerabilities. The group focuses on vulnerabilities like CVE-2019-1068 in Microsoft SQL Server and CVE-2020-0618 in Microsoft SQL Server Reporting Services, alongside brute force attacks. This strategy highlights the importance of regular system updates and strong security configurations. #CyberSecurity #VulnerabilityManagement

💻 Post-compromise, Mallox actors utilize PowerShell commands to download and execute ransomware payloads. They employ scripts to terminate processes that could hinder encryption routines, reflecting a sophisticated approach to system compromise. Understanding these tactics is crucial for defenders to effectively protect their networks. #MalwareAnalysis #NetworkDefense

Recent Mallox payloads, labeled "Mallox.Resurrection," display consistent core functionalities, indicating a successful, unaltered formula. These payloads exempt certain file types and processes from encryption and modify system recovery settings, making it difficult for administrators to restore affected systems. #RansomwareTactics #DigitalProtection

Mallox threats often conclude with encrypted files receiving the .mallox extension and a ransom note demanding payment for decryption. Failure to comply results in threats of public data exposure on Mallox's data leak site. This tactic emphasizes the critical need for robust backup strategies and incident response planning. #DataSecurity #CyberRiskManagement

In conclusion, Mallox's ongoing ransomware activities, exploiting MS-SQL vulnerabilities and employing sophisticated encryption techniques, serve as a reminder for enterprises to prioritize cybersecurity and stay vigilant against evolving threats.
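The post above names three behaviours a defender can hunt for: brute force against MS-SQL logins, command execution out of the SQL Server process, and tampering with system recovery settings. The script below is an added example written for this page, not code from the post or from any Mallox analysis, and it runs over constructed sample events rather than real telemetry. The log line format, the event names (SQL_LOGIN_FAILED, SQL_LOGIN_OK, PROCESS_CREATE), the brute-force threshold and window, and the specific recovery-tampering command patterns (vssadmin, wmic, bcdedit, wbadmin) are all assumptions of this example; the post does not state which commands Mallox uses to change recovery settings.

```python
"""
Hunting for the Mallox behaviours described in the post, over constructed
sample events. Nothing here is taken from the post or from real telemetry.

Assumed line format (one event per line):
    <ISO-8601 timestamp> <EVENT_KIND> key=value [key="quoted value"] ...
"""
import re
import shlex
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: a burst of failed 'sa' logins followed by a success,
# an unrelated slow trickle of failures, a shell spawned by sqlservr.exe, and
# two recovery-tampering commands. IPs are RFC 5737 documentation addresses.
SAMPLE_LOG = """\
2024-01-10T02:00:01 SQL_LOGIN_FAILED src=203.0.113.5 user=sa
2024-01-10T02:00:02 SQL_LOGIN_FAILED src=203.0.113.5 user=sa
2024-01-10T02:00:02 SQL_LOGIN_FAILED src=203.0.113.5 user=sa
2024-01-10T02:00:03 SQL_LOGIN_FAILED src=203.0.113.5 user=admin
2024-01-10T02:00:04 SQL_LOGIN_FAILED src=203.0.113.5 user=sa
2024-01-10T02:00:05 SQL_LOGIN_FAILED src=203.0.113.5 user=sa
2024-01-10T02:00:06 SQL_LOGIN_OK src=203.0.113.5 user=sa
2024-01-10T02:30:00 SQL_LOGIN_FAILED src=198.51.100.7 user=report_svc
2024-01-10T02:31:00 SQL_LOGIN_FAILED src=198.51.100.7 user=report_svc
2024-01-10T02:45:10 PROCESS_CREATE parent=sqlservr.exe image=cmd.exe cmdline="cmd.exe /c vssadmin delete shadows /all /quiet"
2024-01-10T02:45:11 PROCESS_CREATE parent=powershell.exe image=bcdedit.exe cmdline="bcdedit /set {default} recoveryenabled no"
2024-01-10T02:45:12 PROCESS_CREATE parent=explorer.exe image=notepad.exe cmdline="notepad.exe notes.txt"
"""

# Command-line patterns commonly associated with disabling recovery on Windows.
# This list is an assumption of the example, not a claim about Mallox's code.
RECOVERY_TAMPER_PATTERNS = [
    ("shadow copy deletion", re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I)),
    ("shadow copy deletion via WMI", re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I)),
    ("Windows recovery disabled", re.compile(r"bcdedit(\.exe)?\s+/set\s+\{default\}\s+recoveryenabled\s+no", re.I)),
    ("boot status policy tampering", re.compile(r"bcdedit(\.exe)?\s+/set\s+\{default\}\s+bootstatuspolicy\s+ignoreallfailures", re.I)),
    ("backup catalog deletion", re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I)),
]
SHELL_IMAGES = {"cmd.exe", "powershell.exe", "pwsh.exe"}


def parse_events(text):
    """Parse the assumed log format into a list of dicts with a datetime 'ts'."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split(" ", 2)
        ts, kind = parts[0], parts[1]
        rest = parts[2] if len(parts) > 2 else ""
        fields = {}
        for tok in shlex.split(rest):  # shlex keeps quoted cmdline values whole
            key, _, value = tok.partition("=")
            fields[key] = value
        events.append({"ts": datetime.fromisoformat(ts), "kind": kind, **fields})
    return events


def detect_sql_bruteforce(events, threshold=5, window=timedelta(seconds=60)):
    """Sliding-window count of failed SQL logins per source address.

    Returns {src: {"peak": failures_in_window, "at": time_threshold_first_crossed}}
    for every source that reaches `threshold` failures inside `window`.
    """
    recent = defaultdict(deque)
    alerts = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["kind"] != "SQL_LOGIN_FAILED":
            continue
        q = recent[ev["src"]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:  # drop failures outside the window
            q.popleft()
        if len(q) >= threshold:
            entry = alerts.setdefault(ev["src"], {"peak": 0, "at": ev["ts"]})
            entry["peak"] = max(entry["peak"], len(q))
    return alerts


def successful_after_bruteforce(events, threshold=5, window=timedelta(seconds=60)):
    """Sources whose brute-force burst was followed by a successful login."""
    alerts = detect_sql_bruteforce(events, threshold, window)
    return {
        ev["src"] for ev in events
        if ev["kind"] == "SQL_LOGIN_OK"
        and ev["src"] in alerts
        and ev["ts"] >= alerts[ev["src"]]["at"]
    }


def sql_spawned_shells(events):
    """Process creations where the SQL Server service itself launched a shell."""
    return [
        ev for ev in events
        if ev["kind"] == "PROCESS_CREATE"
        and ev.get("parent", "").lower() == "sqlservr.exe"
        and ev.get("image", "").lower() in SHELL_IMAGES
    ]


def detect_recovery_tampering(events):
    """Process creations whose command line matches a recovery-tampering pattern."""
    hits = []
    for ev in events:
        if ev["kind"] != "PROCESS_CREATE":
            continue
        cmd = ev.get("cmdline", "")
        for label, pattern in RECOVERY_TAMPER_PATTERNS:
            if pattern.search(cmd):
                hits.append({"ts": ev["ts"], "parent": ev.get("parent"), "label": label, "cmdline": cmd})
    return hits


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print("brute force:", detect_sql_bruteforce(evs))
    print("brute force then success:", successful_after_bruteforce(evs))
    print("shells from sqlservr.exe:", [e["cmdline"] for e in sql_spawned_shells(evs)])
    for hit in detect_recovery_tampering(evs):
        print("recovery tampering:", hit["label"], "<-", hit["parent"], ":", hit["cmdline"])
```

The three checks are deliberately independent so each can be tuned or dropped on its own: the brute-force window and threshold depend on how noisy legitimate SQL logins are in a given environment, the sqlservr.exe-spawns-shell check is a strong signal wherever xp_cmdshell is not used legitimately, and the recovery-tampering list is the one most likely to need extending over time.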
osintelligence · 10 months
https://bit.ly/3R2BkYs

🔒 The BlackCat ransomware group has taken an unprecedented step by reporting one of its victims, MeridianLink, to the US Securities and Exchange Commission (SEC). This move is an attempt to pressure the digital lending solutions provider into paying a ransom after a data breach on November 7. BlackCat claims to have exfiltrated sensitive data from MeridianLink. #Cybersecurity #RansomwareAttack #BlackCat

🚨 In a strategic maneuver, BlackCat utilized new SEC rules requiring companies to disclose breaches with material impact within four days. They filed a complaint on the SEC's "Tips, Complaints, and Referrals" site, alleging MeridianLink's failure to disclose the breach in compliance with the SEC's regulations. This tactic represents a new approach in ransomware strategy, using regulatory compliance as leverage. #SECRules #DataBreachDisclosure #RegulatoryCompliance

⏳ Although BlackCat gave MeridianLink 24 hours to comply with the ransom demand, the effectiveness of this strategy might be limited. The new SEC reporting rules that BlackCat is attempting to leverage do not come into effect until December 15, making this more of a warning to future victims rather than a real threat to MeridianLink. #CyberThreats #RansomwareTactics #SECRegulations

📊 ImmuniWeb's chief architect, Ilia Kolochenko, suggests that ransomware groups reporting their victims to regulatory agencies might become more common, increasing risks for publicly listed companies. He advises that firms should revise their digital forensics and incident response strategies to include legal expertise in cybersecurity, as a well-managed response can significantly mitigate legal and financial repercussions. #CyberRiskManagement #IncidentResponse #DigitalForensics

📢 MeridianLink has responded, stating they discovered the incident on November 10 and acted swiftly to contain the threat. They claim the attackers did not access their production platforms, and the incident caused minimal business interruption, indicating a prompt and effective response to the cyber threat.