Zimbra servers have been targeted by the novel MalasLocker ransomware operation for email exfiltration and file encryption since the end of March, reports BleepingComputer.
MalasLocker has already begun distributing stolen data from three companies, as well as 69 other victims' Zimbra configurations. While uncertainties remain on how Zimbra servers have been compromised by the MalasLocker, the ransomware gang has been discovered to seek donations to an approved non-profit charity as ransom payment.
"We're a new ransomware group that have been encrypting companies' computers to ask they donate money to whoever they want. We ask they make a donation to a nonprofit of their choice, and then save the email they get confirming the donation and send it to us so we can check the DKIM signature to make sure the email is real," said MalasLocker on its data leak site.
Meanwhile, an analysis of MalasLocker's ransom note revealed a reference to the Age encryption tool.
CNN reports that a potential compromise of the Department of Homeland Security's sensitive physical security details is being looked into by the department's senior officials following a ransomware attack against contractor and major building automation systems manufacturer Johnson Controls International.
Most organizations impacted by ransomware attacks have been noted by the FBI to be experiencing another intrusion involving a different ransomware variant within 48 hours of each other, BleepingComputer reports.