In a surprising twist on traditional ransomware attacks, a group known as MalasLocker has recently emerged, targeting businesses’ Zimbra servers with a socially driven objective. Rather than demanding a ransom payment for their own benefit, this group requests that victims make a donation to a charity of their choosing. The group’s activities were brought to light by cybersecurity researcher Brett Callow from Emsisoft.
MalasLocker, believed to be from a Spanish-speaking country, has already leaked sensitive data from three breached organizations, along with Zimbra configurations for 169 other victims. It remains unclear how the group managed to compromise the Zimbra servers, including whether they exploited any zero-day vulnerabilities or developed specific malware for this purpose.
Upon encrypting the files and gaining control of the servers, MalasLocker leaves a unique ransom note that distinguishes it from traditional ransomware groups. The note expresses the group’s disapproval of corporations and economic inequality and, rather than requesting a direct payment, asks victims to make a donation to a non-profit organization approved by the group, suggesting that the donation could lead to potential tax deductions and positive public relations for the affected businesses.
MalasLocker operates a leak site that echoes their message, but with an interesting twist. They instruct companies to select a non-profit of their choice, make a donation, and provide proof of the transaction by forwarding the confirmation email. The group then verifies the authenticity of the email through the DKIM signature. However, it remains uncertain whether the attackers actually provide the decryptor to the targeted companies that comply with their demands.
As this unconventional ransomware campaign continues, businesses must remain vigilant and take proactive measures to secure their servers and protect sensitive data. The emergence of hacktivist groups like MalasLocker highlights the evolving landscape of cyber threats, where criminal activities are being utilized to pursue positive social goals. Organizations must invest in robust cybersecurity measures and stay updated on the latest threat intelligence to effectively mitigate the risks posed by these evolving threats.