MalasLocker emerged as a new ransomware operation, since the end of March, targeting Zimbra servers. The group gains access to servers by exploiting vulnerabilities in Zimbra software. Instead of demanding a ransom payment, MalasLocker demands a donation to a charity to provide a decryptor and prevent data leakage. The group’s data leak site has three companies listed currently, along with Zimbra configuration details for 169 other targeted victims.