MALASLOCKER, THE ROBIN HOOD OF THE RANSOMWARE GANGS
There is a new cybercriminal ransomware group in town: as reported by Bleeping Computer, the gang goes by the name MalasLocker and targets small and medium companies worldwide.
The group appears to specialize in compromising Zimbra servers to steal emails and encrypt files.
So far, everything fairly standard.
What sets this criminal group apart is their ransom demand: the request actually involves a donation to a nonprofit organization of the victim’s choice.
It appears that the primary interest of this group is charity rather than personal gain.
A highly active group
According to reports, the gang’s criminal operations began at the end of March.
With Hackmanac, we have analyzed MalasLocker’s blog to better understand how many victims have been listed so far.
Our initial analysis found 169 victims worldwide that the group has listed under its “Defaulters” category.
The most concerning aspect is that the leaked data includes clear-text passwords, not only from Zimbra but also from LDAP systems.
Italy among the affected countries
Among the victims, we have also found 41 Italian companies (24.26% of the total listed targets):
Studio Negri e Associati
D&G impianti elettrici
Pasquetti Sarti & Partners
Studio Eco Perucca
Studio Rossetti e Partners
AVM Software & Technology
Next Generation Srl
The Italian victims belong to various sectors:
- Manufacturing (11)
- Professional / Scientific / Technical (11)
- ICT (9)
- Telco (2)
- Hospitality (2)
- Construction (2)
- Energy (1)
- Financial (1)
- Wholesale / Retail (1)
- Organizations (1)
In Italy, MalasLocker primarily targets the Manufacturing sector, which was already heavily impacted by cyber attacks last year (as highlighted in our Hackmanac Cyber Attacks Global Report 2023): 27% of the group’s attacks are directed at this category.
An additional 27% of attacks target the Professional / Scientific / Technical sector, while 22% affect the ICT category.
A cunning threat
Zimbra is a widely used application, with over 220,000 customers in more than 140 countries.
Unfortunately, like all applications, Zimbra is not immune to vulnerabilities: during our analysis of cyber attacks, we classified several incidents resulting from Zimbra vulnerability exploits (9 in 2022 and already 2 in 2023), many of which were critical.
The fact that the primary targets of this group are small and medium enterprises does not improve the overall situation.
SMEs are often more exposed to cyber threats because they have weaker defensive capabilities and fewer dedicated cybersecurity staff than large companies.
Therefore, the advice is to keep Zimbra systems up to date and ensure that the configuration is as hardened as possible.
Stay Cyber safe!