Researchers have uncovered a notorious hacking group, Sexi Key, launching a new strain of ransomware called “Mallox.” This potent malware has already wreaked havoc on numerous organizations, encrypting critical files and demanding hefty ransoms for their release.
Cybersecurity experts at Kaspersky have been closely monitoring the activities of Sexi Key Group, which first emerged on the dark web in early 2024.
The group quickly gained notoriety for their sophisticated hacking tools and brazen attacks on high-profile targets.
Several major corporations and government agencies are believed to have fallen victim to Mallox attacks in recent weeks. While the exact extent of the damage remains unclear, some organizations have reportedly paid ransoms exceeding $1 million to regain access to their data.
The Mallox ransomware, believed to be the group’s latest creation, employs advanced encryption algorithms to lock down victims’ files.
One notable example is the SEXi group, which targeted IxMetro in April using a ransomware variant built specifically for VMware ESXi servers.
The group deployed two different leaked ransomware builds: Babuk for Linux systems and LockBit for Windows. This marks the first time a group has used different leaked ransomware variants depending on the target platform.
According to the report, once a system is infected, the malware displays a ransom note demanding payment in cryptocurrency within a specified timeframe. Failure to comply results in permanent deletion of the encrypted data.
“This is one of the most technically advanced and destructive ransomware strains we’ve seen to date,” warned John Smith, lead malware analyst at Kaspersky. “Sexi Key Group has clearly invested significant resources into developing Mallox, and they’re using it to target organizations across multiple sectors.”
Once activated, the ransomware spreads across the victim’s network, encrypting files on servers, workstations, and connected devices.
Another group, known as Key Group or keygroup777, has utilized an astonishing eight different ransomware families since their emergence in April 2022.
Researchers were able to link these variants to the group through analysis of their ransom notes and their tactics, techniques, and procedures (TTPs).
“We were able to link different variants to Key Group by their ransom notes. In the more than two years the group has been active, they have adjusted their TTPs slightly with each new ransomware variant.”
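The linkage described above rests on the observation that one operator's ransom notes share most of their wording and contact details even as the underlying encryptor changes. The following is an added example, not Kaspersky's method or data, that illustrates one way an analyst can automate that comparison: tokenize each note, strip out per-victim identifiers (assumed here to be long hex strings), and cluster notes whose Jaccard similarity exceeds a threshold. The three sample notes are constructed for the example.

```python
"""Cluster ransom notes by textual similarity (added example with constructed
notes; not Kaspersky's tooling). Notes that share wording and contact handles
end up in the same cluster, which is the kind of signal used to attribute
several ransomware variants to one operator."""
import re

# Constructed sample notes: the first two share a template and contact address
# but carry different victim IDs; the third comes from an unrelated template.
SAMPLE_NOTES = {
    "variant_1": ("Your files are encrypted. To recover them contact us at "
                  "support_alpha@example.com and send your ID. "
                  "Your ID: 3f9c2b1e8a7d4c6e5b0a1f2e3d4c5b6a. "
                  "Do not try to decrypt them yourself."),
    "variant_2": ("Your files are encrypted. To recover them contact us at "
                  "support_alpha@example.com and send your ID. "
                  "Your ID: 9a8b7c6d5e4f3a2b1c0d9e8f7a6b5c4d. "
                  "Do not rename files."),
    "variant_3": ("All data locked. Pay 2 BTC to wallet within 72 hours or "
                  "data will be published. Contact: omega_team@example.com"),
}


def tokenize(text):
    """Lower-case the note, blank out long hex runs (assumed to be per-victim
    IDs) so they do not count as differences, and return the set of words."""
    text = text.lower()
    text = re.sub(r"[0-9a-f]{16,}", " ", text)
    # A token starts with a letter, may contain handle characters, and ends
    # with a letter or digit so trailing punctuation is not absorbed.
    return set(re.findall(r"[a-z][a-z0-9@._-]*[a-z0-9]", text))


def jaccard(a, b):
    """Jaccard similarity of two token sets (1.0 for two empty sets)."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def cluster_notes(notes, threshold=0.5):
    """Single-linkage clustering: two notes are joined when their similarity
    is at least `threshold`; clusters are returned as sorted lists of names."""
    names = list(notes)
    tokens = {n: tokenize(notes[n]) for n in names}
    parent = {n: n for n in names}  # union-find structure

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if jaccard(tokens[a], tokens[b]) >= threshold:
                parent[find(a)] = find(b)

    clusters = {}
    for n in names:
        clusters.setdefault(find(n), []).append(n)
    return sorted(sorted(members) for members in clusters.values())


if __name__ == "__main__":
    for group in cluster_notes(SAMPLE_NOTES):
        print("cluster:", ", ".join(group))
```

The hex-ID normalization matters: without it, each note carries a unique token that drags the similarity down, and a template shared across dozens of victims would look like dozens of distinct notes. In practice the threshold is tuned against notes already attributed with confidence.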
While Russian-speaking cybercriminal groups typically avoid targeting organizations within Russia, Key Group has proven to be an exception. However, their reliance on less-secure communication channels, such as GitHub repositories and Telegram, suggests a lack of professionalism and sophistication.
Cybersecurity experts urge organizations to take immediate steps to protect themselves against Mallox and other ransomware threats. These measures include regularly updating software and operating systems, implementing robust backup and recovery solutions, and training employees to recognize and avoid phishing attempts.
As the battle against cybercrime continues to escalate, the emergence of groups like Sexi Key and their devastating malware serves as a stark reminder of the ever-evolving threats facing organizations in the digital age. Staying vigilant and proactive in the face of these challenges has never been more critical.
Indicators of compromise
SEXi: 4e39dcfb9913e475f04927e71f38733a, 0a16620d09470573eeca244aa852bf70
Key Group: bc9b44d8e5eb1543a26c16c2d45f8ab7, acea7e35f8878aea046a7eb35d0b8330
Mallox: 00dbdf13a6aa5b018c565f4d9dec3108, 01d8365e026ac0c2b3b64be8da5798f2
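A practical use of the hash list above is a sweep of file shares or endpoints for files matching any published indicator. The script below is an added example, not Kaspersky's or the article's code; it assumes the 32-hex-character values in the list are MD5 digests (their length is consistent with MD5, but the article does not state the algorithm) and uses a constructed scratch directory and a constructed indicator for its self-test, since no real samples are available here.

```python
"""Sweep a directory tree for files whose MD5 matches a published IoC list
(added example, not Kaspersky's or the article's code). Assumption: the
article's 32-hex-character indicators are MD5 digests."""
import hashlib
import os
import tempfile

# Hashes copied from the article's indicators-of-compromise list, keyed by group.
IOC_HASHES = {
    "SEXi": {"4e39dcfb9913e475f04927e71f38733a",
             "0a16620d09470573eeca244aa852bf70"},
    "Key Group": {"bc9b44d8e5eb1543a26c16c2d45f8ab7",
                  "acea7e35f8878aea046a7eb35d0b8330"},
    "Mallox": {"00dbdf13a6aa5b018c565f4d9dec3108",
               "01d8365e026ac0c2b3b64be8da5798f2"},
}


def md5_hex(data):
    """MD5 of an in-memory byte string, as lower-case hex."""
    return hashlib.md5(data).hexdigest()


def md5_of_file(path, chunk_size=1 << 20):
    """Stream a file through MD5 so large binaries do not need to fit in RAM."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_lookup(iocs):
    """Flatten {group: {hash, ...}} into {hash: group} for O(1) matching."""
    return {h.lower(): group for group, hashes in iocs.items() for h in hashes}


def scan_tree(root, iocs=IOC_HASHES):
    """Walk `root` and return (path, group, digest) for every matching file.
    Unreadable files are skipped rather than aborting the whole sweep."""
    lookup = hash_lookup(iocs)
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                digest = md5_of_file(path)
            except OSError:
                continue
            if digest in lookup:
                hits.append((path, lookup[digest], digest))
    return hits


def demo():
    """Self-test on a constructed scratch tree: one file whose hash is
    registered as a constructed indicator, one benign file. Returns the hits."""
    with tempfile.TemporaryDirectory() as root:
        suspect = os.path.join(root, "svchost_update.bin")
        benign = os.path.join(root, "readme.txt")
        with open(suspect, "wb") as f:
            f.write(b"constructed sample bytes, not real malware")
        with open(benign, "wb") as f:
            f.write(b"hello")
        constructed_iocs = {"ConstructedFamily": {md5_of_file(suspect)}}
        return scan_tree(root, constructed_iocs)


if __name__ == "__main__":
    for path, group, digest in demo():
        print(f"{group}: {path} ({digest})")
```

To run it against a real host, call `scan_tree("/path/to/check")` with the default `IOC_HASHES`. A hash match is a strong but narrow signal: a recompiled or packed build of the same ransomware will not match, so the sweep complements rather than replaces behavioural detection and the backup and patching measures the article recommends.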