Mallox
Mallox, also known as Fargo and TargetCompany, is a ransomware strain active since mid-2021 that targets unsecured MS-SQL servers and uses a double extortion tactic, threatening to publish stolen data if the ransom is unpaid.
In 2022, the Mallox ransomware group began using a double extortion tactic, threatening to publish stolen data if the ransom was not paid. The group started using dedicated Tor sites and social media platforms to release exfiltrated data.
The group also threatened to contact victims' partners and warned European victims about potential GDPR violations.
The Mallox group targeted entities of various sizes globally, with victims including companies from Germany, the US, Japan, Greece, and India. Stolen data from 20 victims was released between October 2022 and March 2023.
Ransom demands have been reported to range from $1,000 to $50,000. Sekoia.io TDR analysts found that in the case of a Colombia-based victim, the ransom amount was reduced from $50,000 to $20,000 within a two-week period.


