Some hackers are in it for the cash, whereas others are working for his or her governments, wreaking havoc and stealing information from opposing nations. However there’s a small proportion of “hacktivists” – teams that don’t shrink back from felony exercise, so long as it’s for a optimistic and socially acceptable purpose.

One such group has lately been noticed focusing on companies’ Zimbra servers with ransomware. As an alternative of taking the ransom fee for themselves, they’re demanding victims make a donation to a charity of their selecting.

The group is known as MalasLocker and appears to be from a Spanish-speaking nation, as its information leak website, found by cybersecurity researcher from Emsisoft, Brett Callow, is titled “Somos malas… podemos ser peores,” which is Spanish for “We’re unhealthy… we may be worse”. Thus far, the group is leaking delicate information belonging to a few breached organizations, in addition to Zimbra configurations for 169 different victims.

MalasLocker

The group seems to have began its marketing campaign in late March 2023, additional stating that it’s but unclear how they managed to compromise the Zimbra servers, if they found any zero-day vulnerabilities and developed any malware for it. 

As soon as they breach the servers and encrypt the recordsdata, they go away a ransom notice with a novel message: “Not like conventional ransomware teams, we’re not asking you to ship us cash. We simply dislike companies and financial inequality,” they are saying. “We merely ask that you simply make a donation to a non-profit that we approve of. It is a win-win, you possibly can in all probability get a tax deduction and good PR out of your donation if you’d like.” 

The group’s leak website carries an analogous message, however with a vital distinction:

“We’re a brand new ransomware group which were encrypting firms’ computer systems to ask they donate cash to whoever they need,” it says. “We ask they make a donation to a nonprofit of their selection, after which save the e-mail they get confirming the donation and ship it to us so we will verify the DKIM signature to verify the e-mail is actual.”

Thus far, there’s no affirmation the attackers actually distribute the decryptor to the businesses that make the fee.

• These are the perfect endpoint safety instruments (opens in new tab) proper now

By way of: BleepingComputer (opens in new tab)