Any files that are encrypted with TargetCompany/Mallox Ransomware will have a .tohnichi, .artiis, .herrco, .mallox, .brg, .architek, .herrco, .exploit, .carone, .avast, .consultransom, .devicZz, .bozon, .acookies, .bozon3, .FARGO, .Fargo3, .milovski, .xollam, .bitenc, .malox, .mawahelper, .brocamel, .encrypted, .malloxx, .ma1x0 extension appended to the end of the encrypted data filename and typically will leave files (ransom notes) named How to decrypt files.txt, HOW TO RECOVER !!.TXT, RECOVERY INFORMATION.txt, FILE RECOVERY.txt, RECOVERY INFORMATION !!!.txt, RECOVERY FILES.txt, How to decrypt files.txt, as explained here by Amigo-A (Andrew Ivanov).
TargetCompany Ransomware encrypts user data using a combination of ChaCha20, AES-128, Curve25519 algorithms.
Avast released a free TargetCompany Ransomware utility for victims of this ransomware which may restore encrypted files under certain circumstances. However, the criminals changed the encryption process for newer variants so the Avast decryptor does not support all variants. If you have 64-bit Windows, choose the 64-bit build (avast_decryptor_targetcompany64.exe); If you have 32-bit Windows, chose the 32-bit build (avast_decryptor_targetcompany.exe). Run the executable file to start the decryptor which leads you through the configuration of the decryption process.
If the Avast decryptor does not work on the variant which infected your files, rivitna (Andrey Zhdanov) may be able to help some victims of older variants. rivitna has provided a public link to the Mallab Decryptor for victims infected by several variants.
I have updated #Mallox #Ransomware #decryptor.The decryptor doesn't support the latest version of Mallox.password: noransommallox0 *.mallox (from October 2022 to March 2023) xollam0 *.xollam (January 2023) bitenc *.bitenc (January 2023) malox *.malox (from April 2023 to July 2023) maloxx *.maloxx (Juny 2023) mallox1 *.mallox (August 2023) xollam1 *.xollam (August 2023) malloxx *.malloxx (August 2023) mallab *.mallab (from September 2023 to October 2023) mallox2 *.mallox (from November 2023 to February 2024) ma1x0 *.ma1x0 (February 2024)
This decryptor brutes decryption key.
To get the decryption key, you need run the decryptor on the compromised computer (!).MallabDecryptorEx.exe -type <ENCTYPE> -key <ENCFILE>ENCTYPE: old_mallox *.mallox (from October 2022 to March 2023) old_xollam *.xollam (January 2023) bitenc *.bitenc (January 2023) malox *.malox (from April 2023 to July 2023) mallox *.mallox (August 2023) xollam *.xollam (August 2023) malloxx *.malloxx (August 2023) mallab *.mallab (from September 2023 to October 2023) (by default) ENCFILE - any encrypted file.If successfully, 'keys.bin' will be created. You don't need to do this stage anymore.
If Windows is reinstalled or the system disk is formatted, the key can also be bruted. In this case write me.
To brute the decryption key, you need run the decryptor only on the compromised computer!!!
If Windows has been reinstalled or if the system disk has been formatted, the key can also be bruted.
In these cases, write to me.
If you have become a victim of the "corporate" version of Mallox, also write to me.
my files were encrypted by the virus.
I check the files and found that the encrypted file has two characteristics, one is that the file is 88 bytes longer than the original file. The second is that the last 32 bytes of each file are the same
I want to decrypt the file, can anyone help me?
Back to top
