The Mallox ransomware stole 20GB of data from Navnit Group

January 28, 2023

In a recent finding by iZOOlogic’s threat monitoring team, we discovered that a Mumbai-based company, Navnit Group, has had about 20GB of data stolen by the newly emerged ransomware group Mallox.

Navnit Group is an Indian company with offices mostly located in Mumbai. The company serves several networks of diverse businesses, including automotive, infrastructure, marine, adventure sports, aviation, and financial services.

The company also boasts of employing over 3,000 skilled personnel, which is one of their keys to successfully selling more than 12,000 vehicles yearly. However, it is an unfortunate discovery that the Indian company had been recently victimised by a relatively new ransomware group, Mallox.

As seen posted in an underground forum, the Mallox ransomware group claimed to have obtained 20GB of data from the Navnit Group.

During routine dark web monitoring, our threat researchers spotted a notice published by the Mallox ransomware group claiming possession of a large corporate database allegedly owned by the Navnit Group.

The post was added on January 25 and comprises three malicious web links from which interested parties could purportedly download the Indian company’s stolen databases. Alongside the download links, the group also provided a password needed to open the archives.

According to our research team, these data include Navnit Group’s company invoices, photos of certificates of registration, insurance documents, payment details, and warrant details, among others.

Navnit Group has yet to release a comment or any statement regarding the data leak, so the ransomware group’s claims remain unconfirmed. Nevertheless, the company’s customers, partners, and staff should remain vigilant, as such threats from cybercriminals often lead to harmful consequences such as follow-on fraud and phishing.

The Mallox ransomware group first appeared in September last year, initially targeting organisations in Asia and Europe. Security researchers note that the malware samples spread by the group have commonly been distributed via an unknown [.]NET-based loader.

The [.]NET loader then exfiltrates the targeted company’s data before encrypting it, rendering it inaccessible. Every encrypted file is appended with a [.]Mallox file extension. Finally, the group leaves a ransom note for the victim company, which typically explains how the company can contact the threat group and potentially recover its encrypted files.
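Because the encryption stage renames every file it touches to the .mallox extension, a burst of such renames on one host is a usable detection signal. The following Python detector is an added example (not code from the article or from iZOOlogic); the file-activity log format and the sample events are constructed assumptions, as are the threshold and window values.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample of file-activity events: "timestamp host event path".
# FS-01 shows a rename burst typical of encryption; WS-07 is benign noise.
SAMPLE_EVENTS = """\
2023-01-25T02:14:01 FS-01 RENAME C:\\Shares\\Finance\\invoice_1042.pdf.mallox
2023-01-25T02:14:01 FS-01 RENAME C:\\Shares\\Finance\\invoice_1043.pdf.mallox
2023-01-25T02:14:02 FS-01 RENAME C:\\Shares\\Finance\\insurance_policy.docx.mallox
2023-01-25T02:14:02 FS-01 RENAME C:\\Shares\\HR\\registration_cert.jpg.mallox
2023-01-25T02:14:03 FS-01 RENAME C:\\Shares\\HR\\payroll.xlsx.mallox
2023-01-25T09:30:15 WS-07 RENAME C:\\Users\\ana\\Desktop\\notes.txt.bak
2023-01-25T09:31:40 WS-07 RENAME C:\\Users\\ana\\Desktop\\report.docx.mallox
"""

RANSOM_EXT = ".mallox"   # extension the article reports Mallox appending
THRESHOLD = 5            # assumed: renames within the window that trigger an alert
WINDOW_SECONDS = 60      # assumed sliding window length


def parse_event(line):
    """Split one log line; maxsplit keeps paths containing spaces intact."""
    ts, host, event, path = line.split(" ", 3)
    return datetime.fromisoformat(ts), host, event, path


def detect_mallox_bursts(log_text, threshold=THRESHOLD, window=WINDOW_SECONDS):
    """Return one alert per host whose .mallox renames reach the threshold
    inside a sliding time window. Extension matching is case-insensitive
    because the article spells it '.Mallox'."""
    recent = defaultdict(deque)   # host -> timestamps of recent .mallox renames
    alerts = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, host, event, path = parse_event(line)
        if event != "RENAME" or not path.lower().endswith(RANSOM_EXT):
            continue
        q = recent[host]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window:   # drop events outside the window
            q.popleft()
        if len(q) >= threshold and host not in alerts:
            alerts[host] = {"first_seen": q[0].isoformat(), "count": len(q), "last_path": path}
    return [{"host": h, **a} for h, a in alerts.items()]


if __name__ == "__main__":
    for alert in detect_mallox_bursts(SAMPLE_EVENTS):
        print(alert)
```

The window approach keeps a single stray rename from paging an analyst while still firing within seconds of a real encryption run.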

Security experts recommend that the victims of the Mallox ransomware group, including Navnit, implement effective cybersecurity procedures within their organisation. These measures include performing phishing simulations and cyber threat awareness training for all employees.
