A new group of hackers, known as MalasLocker, has been targeting businesses’ Zimbra servers with ransomware. However, unlike traditional ransomware groups, MalasLocker is not asking for payment. Instead, they are demanding that victims make a donation to a charity of their choosing. The group has been leaking sensitive data belonging to three breached organizations, as well as Zimbra configurations for 169 other victims. MalasLocker seems to be from a Spanish-speaking country, as its data leak site is titled “Somos malas… podemos ser peores,” which is Spanish for “We are bad… we can be worse”. It is still unclear how the group managed to compromise the Zimbra servers, and whether they discovered any zero-day vulnerabilities and developed any malware for them.
The group started its campaign in late March 2023. Once they breach the servers and encrypt the files, they leave a ransom note with a unique message: “We simply ask that you make a donation to a non-profit that we approve of. It’s a win-win, you can probably get a tax deduction and good PR from your donation if you want.” The group’s leak site carries a similar message, but with a crucial difference: “We ask they make a donation to a nonprofit of their choice, and then save the email they get confirming the donation and send it to us so we can check the DKIM signature to make sure the email is real.”
So far, there is no confirmation that the attackers actually provide the decryptor to the companies that make the payment. MalasLocker is one of a small percentage of “hacktivists” – groups that do not shy away from criminal activity as long as it is for a positive and socially acceptable goal. Some hackers are in it for the money, while others are working for their governments, wreaking havoc and stealing data from opposing nations.
The rise of hacktivism is a growing concern for businesses and governments alike. Hacktivists can cause significant damage to businesses, and their actions can have far-reaching consequences. The use of ransomware by hacktivists is particularly concerning, as it can cause businesses to lose valuable data and disrupt their operations.
To protect themselves from hacktivist attacks, businesses need to take a proactive approach to cybersecurity. This includes implementing robust security measures, such as firewalls, antivirus software, and intrusion detection systems. It also involves educating employees on cybersecurity best practices and ensuring that they are aware of the risks associated with cyber threats.
In addition, businesses should consider working with cybersecurity experts to develop a comprehensive cybersecurity strategy that addresses their specific needs and risks. This may involve conducting regular security assessments, implementing security controls, and monitoring their networks for suspicious activity.
Governments also have a role to play in addressing the threat of hacktivism. They can work with businesses to develop cybersecurity policies and regulations that promote best practices and ensure that businesses are held accountable for their cybersecurity practices. Governments can also invest in cybersecurity research and development to stay ahead of emerging threats and develop new technologies to protect against them.
In conclusion, the rise of hacktivism is a growing concern for businesses and governments alike. MalasLocker is one such group that has been targeting businesses’ Zimbra servers with ransomware. To protect themselves from hacktivist attacks, businesses need to take a proactive approach to cybersecurity, including implementing robust security measures, educating employees on cybersecurity best practices, and working with cybersecurity experts to develop a comprehensive cybersecurity strategy. Governments also have a role to play in addressing the threat of hacktivism by developing cybersecurity policies and regulations and investing in cybersecurity research and development.