MALASLOCKER, THE ROBIN HOOD OF THE RANSOMWARE GANGS
There is a new cybercriminal ransomware group in town: as reported by Bleeping Computer, the gang goes by the name MalasLocker and targets small and medium companies worldwide.
The group appears to specialize in compromising Zimbra servers to steal emails and encrypt files.
So far, everything fairly standard.
What sets this criminal group apart is their ransom demand: the request actually involves a donation to a nonprofit organization of the victim’s choice.
It appears that the primary interest of this group is charity rather than personal gain.
A highly active group
According to reports, the gang’s criminal operations began at the end of March.
With Hackmanac, we have analyzed MalasLocker’s blog to better understand how many victims have been listed so far.
From our initial analysis, we have found 169 victims worldwide that the group has listed under the “Defaulters” category.
The most concerning aspect is that the leaked data includes clear-text passwords, not only from Zimbra but also from the LDAP systems.
Italy among the affected countries
Among the victims, we have also found 41 Italian companies (24.26% of the total listed targets):
Banco Azzoaglio | azzoaglio.it |
Aster Cucine | astercucine.it |
KondorCS | kondorcs.com |
Azzurra Group | azzurrabagni.com |
Studio Negri e Associati | negriassociati.com |
HostingPerTe | hostingperte.it |
D&G impianti elettrici | degimpiantielettrici.it |
Sallemi Carburanti | sallemicarburanti.it |
BEI Srl | beisrl.it |
Transitus Group | trw-italia.com |
Mappy Italia | mappyitalia.com |
Balbi Srl | balbi.it |
Steelgroup | steelgroup.com |
Pasquetti Sarti & Partners | pspartners.it |
Studio Eco Perucca | studioecoperucca.it |
Studio Rossetti e Partners | studiorossetti.net |
Riboli srl | riboli.it |
Studio Consulenza | studioconsulenza.com |
3Punto6 | 3punto6.com |
FEA srl | feasrl.eu |
Grassi srl | grassionline.com |
Vegliolux | veglio.com |
AVM Software & Technology | avm-it.com |
Specialinsert | specialinsert.it |
PMP Meccanica | pmpmeccanica.com |
ATE Elettronica | atesistemi.it |
Onubo s.r.l. | onubo.com |
Commerciale Ferramenta | commercialeferramenta.it |
Winner Italia | winnercenter.it |
Villa Grazioli | villa-grazioli.it |
NTA srl | ntasrl.com |
Confindustria Energia | confindustriaenergia.org |
FinRe Consulting | finreconsulting.it |
Next Generation Srl | nextgenerationsrl.it |
Studio Papa | studiopapa.net |
Hotel Smeraldo | smeraldoroma.com |
AMET | amet.it |
Livitek | livitek.com |
Propac S.r.l. | propac.it |
Anic S.p.A | amedeonappi.it |
Anstel | anstel.it |
The Italian victims belong to various sectors:
- Manufacturing (12)
- Professional / Scientific / Technical (11)
- ICT (9)
- Telco (1)
- Hospitality (2)
- Construction (2)
- Energy (1)
- Financial (1)
- Wholesale / Retail (1)
- Organizations (1)
In Italy, MalasLocker primarily targets the Manufacturing sector, which was already heavily impacted by cyber attacks last year (as highlighted in our Hackmanac Cyber Attacks Global Report 2023): 27% of the group’s attacks are directed at this category.
An additional 27% of attacks target the Professional / Scientific / Technical sector, while 22% affect the ICT category.
A cunning threat
Zimbra is a widely used application, with over 220,000 customers in more than 140 countries.
Unfortunately, like all applications, Zimbra is not immune to vulnerabilities: during our analysis of cyber attacks, we classified several incidents resulting from Zimbra vulnerability exploits (9 in 2022 and already 2 in 2023), many of which were critical.
The fact that the primary targets of this group are small and medium enterprises does not improve the overall situation.
Often, SMEs are more exposed to cyber threats because they have weaker defense capabilities and fewer dedicated cyber security staff than large companies.
Therefore, the advice is to keep Zimbra systems up to date and ensure that the configuration is as hardened as possible.
Stay Cyber safe!