Security News > 2023 > May > MalasLocker ransomware targets Zimbra servers, demands charity donation
A new ransomware operation is hacking Zimbra servers to steal emails and encrypt files.
The ransomware operation, dubbed MalasLocker by BleepingComputer, began encrypting Zimbra servers towards the end of March 2023, with victims reporting in both the BleepingComputer and Zimbra forums that their emails were encrypted.
The encryptor will also create ransom notes named README.txt that come with an unusual ransom demand to receive a decryptor and prevent the leaking of stolen data: a donation to a non-profit charity that they "Approve of."
"Unlike traditional ransomware groups, we're not asking you to send us money. We just dislike corporations and economic inequality," reads the MalasLocker ransom note.
The MalasLocker data leak site currently distributes the stolen data for three companies and the Zimbra configuration for 169 other victims.
"We're a new ransomware group that have been encrypting companies' computers to ask they donate money to whoever they want," reads the MalasLocker data leak site.