Zimbra servers subjected to MalasLocker ransomware attacks

Zimbra servers have been targeted by the novel MalasLocker ransomware operation for email exfiltration and file encryption since the end of March, reports BleepingComputer. MalasLocker has already begun distributing stolen data from three companies, as well as 69 other victims' Zimbra configurations. While uncertainties remain on how Zimbra servers have been compromised by the MalasLocker, the ransomware gang has been discovered to seek donations to an approved non-profit charity as ransom payment. "We're a new ransomware group that have been encrypting companies' computers to ask they donate money to whoever they want. We ask they make a donation to a nonprofit of their choice, and then save the email they get confirming the donation and send it to us so we can check the DKIM signature to make sure the email is real," said MalasLocker on its data leak site. Meanwhile, an analysis of MalasLocker's ransom note revealed a reference to the Age encryption tool.