This odd ransomware will target your business servers, but then ask for a donation to charity

ransomware avast
(Image credit: Avast)

Some hackers are in it for the money, while others are working for their governments, wreaking havoc and stealing data from opposing nations. But there is a small percentage of “hacktivists” - groups that don’t shy away from criminal activity, as long as it’s for a positive and socially acceptable goal.

One such group has recently been spotted targeting businesses’ Zimbra servers with ransomware. Instead of taking the ransom payment for themselves, they’re demanding victims make a donation to a charity of their choosing.

The group is called MalasLocker and seems to be from a Spanish-speaking country, as its data leak site, discovered by cybersecurity researcher from Emsisoft, Brett Callow, is titled "Somos malas... podemos ser peores," which is Spanish for "We are bad... we can be worse”. So far, the group is leaking sensitive data belonging to three breached organizations, as well as Zimbra configurations for 169 other victims.

MalasLocker

The group appears to have started its campaign in late March 2023, further stating that it’s yet unclear how they managed to compromise the Zimbra servers, if they discovered any zero-day vulnerabilities and developed any malware for it. 

Once they breach the servers and encrypt the files, they leave a ransom note with a unique message: "Unlike traditional ransomware groups, we're not asking you to send us money. We just dislike corporations and economic inequality," they say. "We simply ask that you make a donation to a non-profit that we approve of. It's a win-win, you can probably get a tax deduction and good PR from your donation if you want." 

The group’s leak site carries a similar message, but with a crucial difference:

"We're a new ransomware group that have been encrypting companies' computers to ask they donate money to whoever they want," it says. "We ask they make a donation to a nonprofit of their choice, and then save the email they get confirming the donation and send it to us so we can check the DKIM signature to make sure the email is real."

So far, there’s no confirmation the attackers really distribute the decryptor to the companies that make the payment.

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
A group of 7 hackers, 6 slightly blurred in the background and one in the foreground, all wearing black with hoods pulled up over their heads. You cannot see their faces. The hacker in the foreground sits with an open laptop in front of them. The background, behind the hackers, is a Chinese flag
China government-linked hackers caught running a seriously dangerous ransomware scam
Image of laptop infected with malware
Ransomware criminals are now sending their demands...by snail mail?
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Interlock ransomware attacks highlight need for greater security standards on critical infrastructure
A laptop with a red screen with a white skull on it with the message: "RANSOMWARE. All your files are encrypted."
AWS S3 feature abused by ransomware hackers to encrypt storage buckets
A person at a laptop with a cybersecure lock symbol floating above it.
Cybercrime gang targets victims with "triple threat" attacks
Shutterstock.com / kanlaya wanon
Microsoft Teams abused in Russian email bombing ransomware campaign
Latest in Security
Hacker silhouette working on a laptop with North Korean flag on the background
North Korea unveils new military unit targeting AI attacks
An image of network security icons for a network encircling a digital blue earth.
US government warns agencies to make sure their backups are safe from NAKIVO security issue
Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)
This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Veeam urges users to patch security issues which could allow backup hacks
UK Prime Minister Sir Kier Starmer
The UK releases timeline for migration to post-quantum cryptography
Representational image depecting cybersecurity protection
Cisco smart licensing system sees critical security flaws exploited
Latest in News
Ray-Ban Meta Smart Glasses
Samsung's rumored smart specs may be launching before the end of 2025
Apple iPhone 16 Review
The latest iPhone 18 leak hints at a major chipset upgrade for all four models
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 24 (game #1155)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 24 (game #386)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 24 (game #652)
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 23 (game #1154)