Ransomware - MalasLocker

MalasLocker (Active)
Aliases
Malas
Decryptor Available
No
Description

The name “MalasLocker” is derived from the group's double extortion website and the email address the operator uses to communicate with victims. The headline of the double extortion page reads "Somos malas... podemos ser peores," which is Spanish for “We are bad… We could be worse.” The email address uses the same phrase: somos.malas.podemos.ser.peores@protonmail[.]com. For brevity, some researchers call it “Malas,” which means “bad” or “evil” in English.

Much about this ransomware is unusual compared with what is typically observed. For example, the first known activity from this group dates back to April 9th, 2023, when they posted a list of 169 “defaulters” and three other organizations, an unusually large number of victims to post at the start of operations. The 169 defaulters were a list of companies with hyperlinks to a text file containing their server configurations and a statement saying that these companies didn’t “fulfill their obligations.” This could mean that negotiations began and the companies didn’t honor them or, most likely, that they didn’t pay the initial ransom. On that topic, the ransom the MalasLocker group demands is a donation to a charity they approve of. The list of charities they approve of is unknown, but the ransom differs from the norm. The ransom aligns with the group’s motive, which appears to be hacktivist-driven, given that the front of the double extortion page is a long manifesto about class warfare and how “ransomware brings out humanity in an inhumane system.”

A few days before the 172 extortions were posted to their page, users in the BleepingComputer and Zimbra forums began reporting problems with their servers. Because the WatchGuard Threat Lab could not find a payload sample, these forum entries provide much of the insight into what happens during an attack. Users in the Zimbra forums were reporting server errors because the group targeted Zimbra servers in their initial attacks. Zimbra is an open-source email collaboration toolset used by people worldwide.

Information from the attacks points to various JavaServer Pages (.jsp) files found in the path /opt/zimbra/jetty_base/webapps/zimbra/ and its subfolders. JSP files with names like heartbeat.jsp, info.jsp, and noops.jsp, among others, were found in the logs of some victims in early February 2023. These JSP files were reverse shells that allowed the attackers to lie dormant on the machines for a while and strike when they were ready. Interestingly, one of the tools they used before attacking was the open-source tool Fuzz Faster U Fool (ffuf), a web fuzzing tool written in Go. After information was gathered, files on the servers were encrypted with a rarely seen encryption tool called “age.” This encryption tool was created by the Go security lead at Google and uses a combination of various algorithms, including X25519, ChaCha20-Poly1305, and HMAC (SHA256).
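
As an added example (not WatchGuard's code and not part of the original page): because age-encrypted files keep their original names, triage has to look at file content rather than extensions. The Python sketch below flags files that begin with the age v1 header and JSP files whose names match those quoted above; the sample tree is constructed, and a name match is a lead to review, not proof of compromise.

```python
import os
import tempfile

# Path and file names below are the ones quoted on this page.
WEBAPP_ROOT = "/opt/zimbra/jetty_base/webapps/zimbra"
SUSPECT_JSP = {"heartbeat.jsp", "info.jsp", "noops.jsp"}
# age v1 file headers: binary form and ASCII-armored form.
AGE_MAGICS = (b"age-encryption.org/v1\n", b"-----BEGIN AGE ENCRYPTED FILE-----")


def is_age_encrypted(path):
    """True if the file starts with an age header, whatever its name says."""
    try:
        with open(path, "rb") as fh:
            return fh.read(64).startswith(AGE_MAGICS)
    except OSError:  # unreadable file: report nothing rather than abort the scan
        return False


def triage(root):
    """Walk root and return sorted relative paths for each finding type."""
    found = {"age_encrypted": [], "suspect_jsp": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # do not follow links out of the tree
            rel = os.path.relpath(full, root)
            if name.lower() in SUSPECT_JSP:
                found["suspect_jsp"].append(rel)
            if is_age_encrypted(full):
                found["age_encrypted"].append(rel)
    return {kind: sorted(paths) for kind, paths in found.items()}


def demo():
    """Run triage over a constructed tree (sample data, not real artifacts)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "public"))
        samples = {
            "mail.db": b"age-encryption.org/v1\n-> X25519 (constructed)\n",
            "notes.txt": b"plain text, untouched\n",
            os.path.join("public", "heartbeat.jsp"): b"<%-- constructed --%>\n",
        }
        for rel, data in samples.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        return triage(root)


if __name__ == "__main__":
    print(demo())  # on a server: triage(WEBAPP_ROOT)
```
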

This ransomware is another example of how not all groups are solely financially motivated; some have other intentions. Nevertheless, the intentions always include malicious and illegal actions.

Ransomware Type
Crypto-Ransomware
HumOR
First Seen
Extortion Types
Charitable Donation
Direct Extortion
Double Extortion
Extortion Amounts
Amount
Charitable Donation
Communication
Medium
Identifier
Email
Encryption
Type
Other
Files
AGE Encryption
File Extension
[No change to file name]
Ransom Note Name
README.txt
Ransom Note Image
Industry Sector | Country | Extortion Date | Amount (USD)
Agriculture | Indonesia | | Charitable Donation
Professional Services | Philippines | | Charitable Donation
Agriculture | Colombia | | Charitable Donation
Banking & Finance | Italy | | Charitable Donation
Distribution & Logistics | Russia | | Charitable Donation
Aerospace & Aviation | Russia | | Charitable Donation
Retail & Wholesale | United States | | Charitable Donation
Manufacturing | United States | | Charitable Donation
Agriculture | Russia | | Charitable Donation
Energy | Spain | | Charitable Donation
Information Technology | Russia | | Charitable Donation
Retail & Wholesale | Argentina | | Charitable Donation
Real Estate & Housing | Russia | | Charitable Donation
Restaurants & Dining | Russia | | Charitable Donation
Construction & Architecture | Germany | | Charitable Donation
Information Technology | India | | Charitable Donation
Information Technology | Italy | | Charitable Donation
Automotive | Germany | | Charitable Donation
Professional Services | Russia | | Charitable Donation
Information Technology | Spain | | Charitable Donation
Professional Services | Russia | | Charitable Donation
Manufacturing | Italy | | Charitable Donation
Information Technology | Italy | | Charitable Donation
Education | Russia | | Charitable Donation
Manufacturing | United States | | Charitable Donation
Manufacturing | Russia | | Charitable Donation
Information Technology | Russia | | Charitable Donation
Manufacturing | Russia | | Charitable Donation
Information Technology | United States | | Charitable Donation
Media & Marketing | Canada | | Charitable Donation
Manufacturing | Italy | | Charitable Donation
Telecommunications | United States | | Charitable Donation
Professional Services | Russia | | Charitable Donation
Retail & Wholesale | Finland | | Charitable Donation
Professional Services | Italy | | Charitable Donation
Hospitality | Spain | | Charitable Donation
Information Technology | Italy | | Charitable Donation
Information Technology | Luxembourg | | Charitable Donation
Information Technology | Netherlands | | Charitable Donation
Sports & Gaming | Germany | | Charitable Donation
Construction & Architecture | Italy | | Charitable Donation
Retail & Wholesale | United States | | Charitable Donation
Banking & Finance | Italy | | Charitable Donation
Construction & Architecture | Italy | | Charitable Donation
Manufacturing | Russia | | Charitable Donation
Professional Services | Italy | | Charitable Donation
Retail & Wholesale | Russia | | Charitable Donation
Manufacturing | Italy | | Charitable Donation
Information Technology | United Kingdom | | Charitable Donation
Construction & Architecture | France | | Charitable Donation
Information Technology | United States | | Charitable Donation
Retail & Wholesale | United States | | Charitable Donation
Telecommunications | Russia | | Charitable Donation
Telecommunications | Germany | | Charitable Donation
Manufacturing | Spain | | Charitable Donation
Information Technology | United States | | Charitable Donation
Information Technology | Russia | | Charitable Donation
Manufacturing | Italy | | Charitable Donation
Manufacturing | Italy | | Charitable Donation
Transportation | Russia | | Charitable Donation
Information Technology | Russia | | Charitable Donation
Manufacturing | Greece | | Charitable Donation
Telecommunications | United States | | Charitable Donation
Information Technology | Switzerland | | Charitable Donation
Legal | Australia | | Charitable Donation
Media & Marketing | Netherlands | | Charitable Donation
Distribution & Logistics | Russia | | Charitable Donation
Retail & Wholesale | Russia | | Charitable Donation
Professional Services | Italy | | Charitable Donation
Media & Marketing | Australia | | Charitable Donation
Retail & Wholesale | Russia | | Charitable Donation
Distribution & Logistics | South Africa | | Charitable Donation
Professional Services | Italy | | Charitable Donation
Professional Services | Greece | | Charitable Donation
Professional Services | Italy | | Charitable Donation
Manufacturing | Italy | | Charitable Donation
Manufacturing | Russia | | Charitable Donation
Professional Services | Italy | | Charitable Donation
Information Technology | Italy | | Charitable Donation
Legal | New Zealand | | Charitable Donation
Manufacturing | Russia | | Charitable Donation
Transportation | Russia | | Charitable Donation
Hospitality | Russia | | Charitable Donation
Information Technology | Uganda | | Charitable Donation
Retail & Wholesale | France | | Charitable Donation
Automotive | Italy | | Charitable Donation
Manufacturing | Italy | | Charitable Donation
Information Technology | Italy | | Charitable Donation
Information Technology | Russia | | Charitable Donation
Retail & Wholesale | Italy | | Charitable Donation
Information Technology | United States | | Charitable Donation
Transportation | Russia | | Charitable Donation
Manufacturing | Italy | | Charitable Donation
Information Technology | United States | | Charitable Donation
Construction & Architecture | Russia | | Charitable Donation
Manufacturing | Russia | | Charitable Donation
Real Estate & Housing | Russia | | Charitable Donation
Professional Services | United States | | Charitable Donation
Manufacturing | Italy | | Charitable Donation
Information Technology | United States | | Charitable Donation
Information Technology | Switzerland | | Charitable Donation
Information Technology | Germany | | Charitable Donation
Hospitality | Russia | | Charitable Donation
Retail & Wholesale | Russia | | Charitable Donation
Information Technology | Russia | | Charitable Donation
Construction & Architecture | Germany | | Charitable Donation
Information Technology | United States | | Charitable Donation
Real Estate & Housing | Russia | | Charitable Donation
Information Technology | Switzerland | | Charitable Donation
Manufacturing | Italy | | Charitable Donation
Media & Marketing | Russia | | Charitable Donation
Information Technology | Italy | | Charitable Donation
Energy | Russia | | Charitable Donation
Manufacturing | Italy | | Charitable Donation
Information Technology | Russia | | Charitable Donation
Professional Services | Canada | | Charitable Donation
Automotive | Russia | | Charitable Donation
Distribution & Logistics | Russia | | Charitable Donation
Sports & Gaming | United States | | Charitable Donation
Professional Services | Italy | | Charitable Donation
Information Technology | Italy | | Charitable Donation
Utilities | Spain | | Charitable Donation
Information Technology | Canada | | Charitable Donation
Information Technology | Israel | | Charitable Donation
Hospitality | Italy | | Charitable Donation
Manufacturing | United Kingdom | | Charitable Donation
Real Estate & Housing | Austria | | Charitable Donation
Manufacturing | United States | | Charitable Donation
Information Technology | Canada | | Charitable Donation
Retail & Wholesale | Russia | | Charitable Donation
Banking & Finance | Luxembourg | | Charitable Donation
Legal | Russia | | Charitable Donation
Professional Services | Belgium | | Charitable Donation
Information Technology | Italy | | Charitable Donation
Automotive | United States | | Charitable Donation
Professional Services | Italy | | Charitable Donation
Information Technology | Russia | | Charitable Donation
Energy | Italy | | Charitable Donation
Information Technology | United States | | Charitable Donation
Professional Services | Belgium | | Charitable Donation
Professional Services | Italy | | Charitable Donation
Distribution & Logistics | Russia | | Charitable Donation
Information Technology | Italy | | Charitable Donation
Retail & Wholesale | Russia | | Charitable Donation
Hospitality | Russia | | Charitable Donation
Information Technology | Russia | | Charitable Donation
Information Technology | Switzerland | | Charitable Donation
Professional Services | Italy | | Charitable Donation
Information Technology | Russia | | Charitable Donation
Hospitality | Italy | | Charitable Donation
Information Technology | United Kingdom | | Charitable Donation
Retail & Wholesale | Russia | | Charitable Donation
Legal | United States | | Charitable Donation
Information Technology | United States | | Charitable Donation
Information Technology | United States | | Charitable Donation
Professional Services | United States | | Charitable Donation
Construction & Architecture | United States | | Charitable Donation
Transportation | Italy | | Charitable Donation
Information Technology | Portugal | | Charitable Donation
Construction & Architecture | Russia | | Charitable Donation
Information Technology | Italy | | Charitable Donation
Professional Services | Canada | | Charitable Donation
Information Technology | Germany | | Charitable Donation
Manufacturing | Russia | | Charitable Donation
Retail & Wholesale | Italy | | Charitable Donation
Information Technology | Spain | | Charitable Donation
Information Technology | United States | | Charitable Donation
Information Technology | Russia | | Charitable Donation
Automotive | Germany | | Charitable Donation
Information Technology | France | | Charitable Donation
Information Technology | Italy | | Charitable Donation
Distribution & Logistics | Italy | | Charitable Donation