MALASLOCKER, THE ROBIN HOOD OF THE RANSOMWARE GANGS

There is a new ransomware group in town: as reported by Bleeping Computer, the gang goes by the name MalasLocker and targets small and medium companies worldwide.
The group appears to specialize in compromising Zimbra servers to steal emails and encrypt files.
So far, everything fairly standard.
What sets this criminal group apart is their ransom demand: the request actually involves a donation to a nonprofit organization of the victim’s choice.
It appears that the primary interest of this group is charity rather than personal gain.
A highly active group
According to reports, the gang’s criminal operations began at the end of March.
With Hackmanac, we have analyzed MalasLocker’s blog to better understand how many victims have been listed so far.
From our initial analysis, we have found 169 victims worldwide that the group has placed under the “Defaulters” category.
The most concerning aspect is that the leaked data includes clear-text passwords, not only from Zimbra but also from the LDAP systems.
Italy among the affected countries
Among the victims, we have also found 41 Italian companies (24.26% of the total listed targets):
Company | Domain |
Banco Azzoaglio | azzoaglio.it |
Aster Cucine | astercucine.it |
KondorCS | kondorcs.com |
Azzurra Group | azzurrabagni.com |
Studio Negri e Associati | negriassociati.com |
HostingPerTe | hostingperte.it |
D&G impianti elettrici | degimpiantielettrici.it |
Sallemi Carburanti | sallemicarburanti.it |
BEI Srl | beisrl.it |
Transitus Group | trw-italia.com |
Mappy Italia | mappyitalia.com |
Balbi Srl | balbi.it |
Steelgroup | steelgroup.com |
Pasquetti Sarti & Partners | pspartners.it |
Studio Eco Perucca | studioecoperucca.it |
Studio Rossetti e Partners | studiorossetti.net |
Riboli srl | riboli.it |
Studio Consulenza | studioconsulenza.com |
3Punto6 | 3punto6.com |
FEA srl | feasrl.eu |
Grassi srl | grassionline.com |
Vegliolux | veglio.com |
AVM Software & Technology | avm-it.com |
Specialinsert | specialinsert.it |
PMP Meccanica | pmpmeccanica.com |
ATE Elettronica | atesistemi.it |
Onubo s.r.l. | onubo.com |
Commerciale Ferramenta | commercialeferramenta.it |
Winner Italia | winnercenter.it |
Villa Grazioli | villa-grazioli.it |
NTA srl | ntasrl.com |
Confindustria Energia | confindustriaenergia.org |
FinRe Consulting | finreconsulting.it |
Next Generation Srl | nextgenerationsrl.it |
Studio Papa | studiopapa.net |
Hotel Smeraldo | smeraldoroma.com |
AMET | amet.it |
Livitek | livitek.com |
Propac S.r.l. | propac.it |
BeeVoip | beevoip.it |
Anstel | anstel.it |
The Italian victims belong to various sectors:
- Manufacturing (11)
- Professional / Scientific / Technical (11)
- ICT (9)
- Telco (2)
- Hospitality (2)
- Construction (2)
- Energy (1)
- Financial (1)
- Wholesale / Retail (1)
- Organizations (1)
In Italy, MalasLocker primarily targets the Manufacturing sector, which was already heavily impacted by cyber attacks last year (as highlighted in our Hackmanac Cyber Attacks Global Report 2023): 27% of the group’s attacks are directed at this category.
An additional 27% of attacks target the Professional / Scientific / Technical sector, while 22% affect the ICT category.
A cunning threat
Zimbra is a widely used application, with over 220,000 customers in more than 140 countries.
Unfortunately, like all applications, Zimbra is not immune to vulnerabilities: during our analysis of cyber attacks, we classified several incidents resulting from Zimbra vulnerability exploits (9 in 2022 and already 2 in 2023), many of which were critical.
The fact that the primary targets of this group are small and medium enterprises does not improve the overall situation.
SMEs are often more exposed to cyber threats because they have weaker defensive capabilities and fewer dedicated cybersecurity staff than large companies.
Therefore, the advice is to keep Zimbra systems up to date and ensure that the configuration is as hardened as possible.
Stay Cyber safe!