Mallox ransomware has been notable for its speed in encrypting files, the group mainly uses spam email campaigns and trojans to break into victims’ systems.
Like some groups, Mallox avoids targeting users in specific countries, such as Russia, Kazakhstan, Ukraine and Qatar.
Once the ransomware invades the system it analyses the language used by the operating system, if it is from one of the restricted countries the encryption is not performed and if it has already been started the decryption key is released for free.
In addition to analyzing the language, the ransomware seeks to raise the permission to be able to access more privileged networks, and the repair mode and automatic startup is canceled.
After all these preparations the encryption is started and quickly all files are modified, the .mallox extension is added to all encrypted files. The Encryption cannot be broken by deleting the extension, it can only be broken with the decryption key or with the help of a specialized company.
Only the group has the decryption key and it charges a considerable amount to release it, the group leaves a note on the desktop with all the instructions on how the victim can contact the group for the payment of the ransom, which is done with cryptocurrencies.
Paying the ransom is not the only way out, there are companies that can recover the encrypted files without the need of the decryption key, Digital Recovery is capable of that.
Recover Files Encrypted by Mallox Ransomware
Digital Recovery specializes in recovering ransomware-encrypted files of any length on any storage device.
With over 20 years of experience we have honed our ability to develop technologies for data recovery, this puts us ahead of other companies when it comes to recovering files encrypted by ransomware.
All our processes are unique and have been developed based on the General Data Protection Act (GDPR) and we have signed a confidentiality agreement (NDA) with all our clients.
Contact us and start the recovery process right now.
