Connect with us

Hi, what are you looking for?

Hard News Hard Hitting News Source Global Political News

Cyber Security

MalasLocker Ransomware Attacks Users of Zimbra Servers

A Notorious MalasLocker Ransomware, which has been active since March 2023, targets Zimbra servers and demands charity donations instead of Ransom.

This group mostly targets corporate companies providing business services, software, and Manufacturing services around Italy, Russia, and the United States.

According to the SOC Radar report, they claim to have a distaste for corporate entities and economic inequality, and their deal is simple for decrypting the file to avoid data leakage.

Malas Ransomware Attack:

The threat actor targets the victims through phishing emails, where malicious JSP documents were sent to the users of Zimbra.

Zimbra is an open-source software suite primarily used by organizations for email hosting, event scheduling, task management, and file sharing

These suspicious JSP files heartbeat.jsp, info.jsp, Startup1_3.jsp are uploaded to specific directories such as /opt/zimbra/jetty_base/webapps/zimbra/ or /opt/zimbra/jetty/webapps/zimbra/public folders

Once the user of Zimbra executes the malicious file, then the attacker will access the uploaded file from the public directory of Zimbra for further operation.

In addition to that, threat actors utilize the vulnerabilities associated with Zimbra servers such as CVE-2022-27924 (Zimbra memcache command injection), CVE-2022-27925 (Zimbra admin directory traversal), CVE-2022-30333 (UnRAR Linux/UNIX directory traversal), and CVE-2022-37042 (Zimbra auth bypass, remote code execution).

The group uses the “AGE” encryption tool for encrypting the files and does not append any extensions to the files, reads the report.

They host a TOR website where they posted the list of 160  victims affected by Malas ransomware and censored the image of the company’s name for confidentiality purposes.

From the welcome greeting on their TOR website, it is clear that they are a Spanish-based threat group with a motto written in Spanish like “we are bad… we can be even worse.”

The ransom note in the Readme.txt demands charity donations for sending the decryptor tools and also guides how to reach them by providing their contact details.

Prevention:

Unlike other threat groups,malas ransomware is unique in its tactics and techniques. Since their attack on the MalasLocker Ransomware vector is unclear and targets the Zimbra server, the better practice to avoid the attack is to patch the application and update it to the latest version.

Source: https://cybersecuritynews.com/malaslocker-ransomware-zimbra/

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

In recent findings from Check Point Research, a significant phishing attack targeting more than 40 prominent Colombian companies has been uncovered.  The attackers behind this campaign...

Cyber Security

According to recent reports, a threat actor has compromised the confidential information of 3,200 Airbus vendors. The exposed data includes sensitive details such as...

Cyber Security

A group of Researchers unearthed critical code Proton Mail vulnerabilities that could have jeopardized the security of Proton Mail, a renowned privacy-focused webmail service. ...

Cyber Security

Telegram Messenger offers global, cloud-based instant messaging with several features:- Cybersecurity researchers at Securlist recently found several Telegram mods on Google Play in various...

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO