news

MALASLOCKER, THE ROBIN HOOD OF THE RANSOMWARE GANGS

There is a new cybercriminal ransomware group in town: as reported by Bleeping Computer, the gang goes under the identifier of MalasLocker and targets small and medium companies worldwide.

The group seems specialized in the hacking of Zimbra servers to steal emails and encrypt files.

So far, everything fairly standard.

What sets this criminal group apart is their ransom demand: the request actually involves a donation to a nonprofit organization of the victim’s choice.

It appears that the primary interest of this group is charity rather than personal gain.

A highly active group

According to reports, the gang’s criminal operations began at the end of March.

With Hackmanac, we have analyzed MalasLocker’s blog to better understand how many victims have been listed so far.

From our initial analysis we have found 169 victims worldwide that the group put under “Defaulters” category.

The most concerning aspect is that the leaked data includes clear-text passwords, not only from Zimbra but also from the LDAP systems.

Italy among the affected countries

Among the victims, we have also found 41 Italian companies (24.26% of the total listed targets):

Banco Azzoaglio	azzoaglio.it
Aster Cucine	astercucine.it
KondorCS	kondorcs.com
Azzurra Group	azzurrabagni.com
Studio Negri e Associati	negriassociati.com
HostingPerTe	hostingperte.it
D&G impianti elettrici	degimpiantielettrici.it
Sallemi Carburanti	sallemicarburanti.it
BEI Srl	beisrl.it
Transitus Group	trw-italia.com
Mappy Italia	mappyitalia.com
Balbi Srl	balbi.it
Steelgroup	steelgroup.com
Pasquetti Sarti & Partners	pspartners.it
Studio Eco Perucca	studioecoperucca.it
Studio Rossetti e Partners	studiorossetti.net
Riboli srl	riboli.it
Studio Consulenza	studioconsulenza.com
3Punto6	3punto6.com
FEA srl	feasrl.eu
Grassi srl	grassionline.com
Vegliolux	veglio.com
AVM Software & Technology	avm-it.com
Specialinsert	specialinsert.it
PMP Meccanica	pmpmeccanica.com
ATE Elettronica	atesistemi.it
Onubo s.r.l.	onubo.com
Commerciale Ferramenta	commercialeferramenta.it
Winner Italia	winnercenter.it
Villa Grazioli	villa-grazioli.it
NTA srl	ntasrl.com
Confindustria Energia	confindustriaenergia.org
FinRe Consulting	finreconsulting.it
Next Generation Srl	nextgenerationsrl.it
Studio Papa	studiopapa.net
Hotel Smeraldo	smeraldoroma.com
AMET	amet.it
Livitek	livitek.com
Propac S.r.l.	propac.it
Anic S.p.A	amedeonappi.it
Anstel	anstel.it

The Italian victims belong to various sectors:

Manufacturing (12)
Professional / Scientific / Technical (11)
ICT (9)
Telco (1)
Hospitality (2)
Construction (2)
Energy (1)
Financial (1)
Wholesale / Retail (1)
Organizations (1)

In Italy, MalasLocker primarily targets the Manufacturing sector, which was already heavily impacted by cyber attacks last year (as highlighted in our Hackmanac Cyber Attacks Global Report 2023): 27% of the group’s attacks are directed at this category.

An additional 27% of attacks target the Professional / Scientific / Technical sector, while 22% affect ICT category.

A cunning threat

Zimbra is a widely used application, with over 220,000 customers in more than 140 countries.

Unfortunately, like all applications, Zimbra is not immune to vulnerabilities: during our analysis of cyber attacks, we classified several incidents resulting from Zimbra vulnerability exploits (9 in 2022 and already 2 in 2023), many of which were critical.

The fact that the primary targets of this group are small and medium enterprises does not improve the overall situation.

Often, SMEs are more exposed to cyber threats as their defense capabilities and dedicated technical personnel for Cyber Security are lower compared to those of large companies.

Therefore, the advice is to keep Zimbra systems up to date and ensure that the configuration is as hardened as possible.

Stay Cyber safe!

Latest news

HACKS OF TODAY 02/05/2024

Today's HOT includes 22 victims by the notorious BianLian, Ra World, RansomHub, INC Ransom, Ransomware Blog, Rhysida, Akira and Underground Team gangs. The average Cyber...

HACKS OF TODAY 30/04/2024 – 01/05/2024

Today's HOT includes 29 victims by the notorious LockBit 3.0, BlackBasta, Embargo, Medusa, Akira, Play, Snatch, Everest, Qilin, Cl0p and RansomHub gangs. The average Cyber...

HACKS OF TODAY 27-28-29/04/2024

Today's HOT includes 30 ransomware victims by the notorious Apos, Play, LockBit 3.0, RansomHub, INC Ransom, Black Suit, Eraleig, Qiulong, Hunters International, 8Base, BlackBasta and Space Bears...

CYBER SECURITY IN 2023: WHAT SHOULD WE IMPROVE?

2022 was a complex year to say the least: between the still unresolved Covid-19 pandemic emergency and the implications of the European conflict, the repercussions in the cyber security world were considerable.
Once again this can demonstrate how much there is still to do in this sector .

What changes will therefore need to be made to Cyber Security in 2023?
Let’s see the main ones.

Do not compress investments because of the crisis

The difficult economic situation that has arisen impacted every business sector.
In this scenario, Cyber Security already greatly underestimated, risks losing important investments when it’s clear that the emergency of cyber attacks shows no sign of diminishing.
In fact, attackers are dramatically constant and aware of how convenient can be to hit organizations that are already stressed and busy managing other problems.
This is demonstrated by the impact on the healthcare sector during the pandemic.

The solution?
Evaluate investments better, optimizing budgets so that they will be effective in contrasting threats while remaining economically efficient.

Outsource security services

Outsourcing security services in some situations is not only convenient but also the most valid solution.
This is true, for example, in the case of security assessments, where it makes sense for an external element to carry out the verifications and provide indications on corrective actions.

And this is also true for freelancers and small and medium-sized enterprises that do not always have technical staff to devote to IT and Cyber Security.
In these cases, managed security is the only viable solution.

The costs of managed Cyber Security services can be demanding, but it’s a priority, especially for a small company or a freelance, to properly assess risks and costs in case of systems compromissions: these can be huge and devastating.

Adapt services and solutions to SMEs

SMBs are often thought to be less exposed to cyber threats, as if cybercriminals were only interested in large and well known victims.

If it’s true that large companies offer a greater attack surface, on the other hand cyber criminals are perfectly aware that small companies are less protected. In these cases, cyber attacks have more chances of going to successful or they will not be detected and appropriately blocked.

The complexity of the cyber scenario therefore makes it essential for everyone, including SMEs and freelancers, to adopt an effective strategy that includes technological and organizational solutions.

However, managed security service managers must get used to preparing flexible and scalable offers in order to be able to serve even companies with reduced budgets.

2023 promises to be a very interesting year, but hopefully less problematic than the previous one.

Happy New Year and Good Job!