Fargo

Malware updated a month ago (2024-11-29T13:46:42.226Z)
Download STIX
Preview STIX
Fargo, also known as Mallox and Tohnichi, is a ransomware strain that targets Microsoft Windows systems. It first surfaced in June 2021 and has since claimed to have infected hundreds of organizations worldwide. This malicious software is distributed primarily to unsecured MS-SQL servers, exploiting vulnerabilities to gain access, disrupt operations, and potentially hold data hostage for ransom. The malware has been particularly active recently, with various researchers referring to it as Mallox, TargetCompany, or Fargo. The malware has shown a specific interest in targeting financial services apps, including PhonePe in India, WeChat, Bank of America, Wells Fargo in the U.S., Binance in Malta, Barclays in the U.K., QNB Finansbank in Turkey, and CaixaBank in Spain. This indicates a broad geographical distribution and an intent to infiltrate high-value targets where significant financial transactions occur. Wells Fargo's stance is that customers are responsible for losses if attackers use wire transfers to steal money from their checking accounts, highlighting the potential financial risks associated with this malware. Despite the same name, it's important not to confuse the Fargo ransomware with the popular film and TV show "Fargo". The movie, set in snowy North Dakota, features characters like a desperate-for-money car dealer Jerry Lundegaard and his criminal partners, and has inspired a successful TV series. The malware, on the other hand, is a serious cybersecurity threat that has had significant impacts on businesses and individuals worldwide since its emergence in 2021.
Description last updated: 2024-06-06T19:16:50.431Z
What's your take? (Question 1 of 1)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Mallox is a possible alias for Fargo. Mallox is a potent malware that has been causing significant disruption in the digital world. This ransomware, primarily infiltrating networks via SQL servers, has shown its ability to adapt and evolve over time. PCrisk has identified new variants of Mallox that append extensions such as .ma1x0, .co
4
Tohnichi is a possible alias for Fargo. Tohnichi, also known as Mallox, TargetCompany, and Fargo, is a ransomware strain that primarily targets Microsoft Windows systems. This malware first surfaced in June 2021 and has since claimed to have infected hundreds of organizations worldwide. The group behind this malicious software is associat
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.