malas

Ransomware group profile

27Victims

SpainSource country

67Impact score

Also Known As

MalasLocker

Description

Malas is a prominent ransomware group that targets large enterprises and critical infrastructure. Known for sophisticated attacks involving advanced encryption and double extortion tactics, they threaten to release stolen data alongside encrypting it. The group exploits vulnerabilities in widely used software to gain initial access and execute their operations.

Key insights

•Utilizes double extortion techniques, where both data encryption and threats to leak sensitive information are employed.
•Targets critical infrastructure sectors, particularly healthcare and finance.
•Exploits vulnerabilities in enterprise software, including CVE-2022-24521 and CVE-2021-44228.
•Gains initial access through social engineering and custom malware strains.
•Increased focus on cloud services and remote work infrastructures.
•Indicators of attack include sudden spikes in network traffic and unauthorized access to sensitive data.

Industries

Financial Services Government & Defense Healthcare Hospitality Manufacturing Other Technology Transportation

Threat Level & Status Breakdown

For malas · Based on incidents in selected period

1.8threat level

Aggressiveness5/ 10

Lethality0/ 10

Criticality0/ 10

Status Breakdown

Claimed100.0%27

First seenMay 2026

Last seenMay 2026

Avg ransom—

Payment rate—

Statusactive

Sophistication0

Last updatedJun 20, 2026

Recent activity

Monthly attack count for malas in the selected period

27Total attacks

27peak in May

27avg / month

No intelligence data for this group.

TTPs & Attack Vectors

Tools, initial access, and MITRE ATT&CK techniques for malas

Other

T1486

T1490

T1059

T1021

T1562

T1078

T1547

T1021.001

T1105

T1041

T1203

T1027

Victims(27)

Company	Domain	Country	Industry	Status	Discovered
ÐÐ ÐÐ¾Ð³Ð¸ÑÑÐ¸Ðº	—	—	Manufacturing	Claimed	about 1 month ago
ÐÑÐ´Ð²Ð¸Ð½-ÐÐµÐ²Ð°	—	—	Manufacturing	Claimed	about 1 month ago
ÐÐ·Ð¸Ð¼ÑÑ ÐÐ¢	—	—	Manufacturing	Claimed	about 1 month ago
ÐÑÐ°ÑÐ½ÑÐ¹ ÐÐ¾ÑÑÐ¾Ðº ÐÐ³ÑÐ¾	—	—	Manufacturing	Claimed	about 1 month ago
Ð¡ÐÐÐÐ	—	—	Manufacturing	Claimed	about 1 month ago
ÐÑÑÑÐ°	—	—	Manufacturing	Claimed	about 1 month ago
Ð£Ð½Ð¸Ð²ÐµÑÑÐ°Ð»ÑÐµÑÑÑÑ	—	—	Manufacturing	Claimed	about 1 month ago
ÐÐ¼ÐµÐ´Ð¸	—	—	Manufacturing	Claimed	about 1 month ago
Ð¤Ð¾ÑÐ¼ÐµÐºÑ	—	—	Manufacturing	Claimed	about 1 month ago
Ð¤ÐÐ£Ð “Ð¦ÐÐÐÐ¥Ð”	—	—	Manufacturing	Claimed	about 1 month ago
ÐÐ¼ ÐÑÐ¾ÑÐ¸Ð»Ñ	—	—	Manufacturing	Claimed	about 1 month ago
Ð¯Ð¼Ð°Ð»ÑÐµÐ»ÐµÐºÐ¾Ð¼	—	—	Manufacturing	Claimed	about 1 month ago
ÐÑÐºÐ¾Ð²Ð¿Ð°ÑÑÐ°Ð¶Ð¸ÑÐ°Ð²ÑÐ¾ÑÑÐ°Ð½Ñ	—	—	Manufacturing	Claimed	about 1 month ago
ÐÐ¾ÑÐ¾Ð´ ÐÐ°ÑÐµ	—	—	Manufacturing	Claimed	about 1 month ago
ÐÐµÐ±ÐµÐ»ÑÑÐ½Ð°Ð±	—	—	Manufacturing	Claimed	about 1 month ago
ÐÐ¸Ñ ÐÐµÑÑÐµÑÐµÑÐ²Ð¸Ñ	—	—	Manufacturing	Claimed	about 1 month ago
ÐÐµÐ²ÑÐºÐ¸Ð¹ ÐÐ»ÑÑÐ½Ñ	—	—	Manufacturing	Claimed	about 1 month ago
Ð¡Ð ÐÐ»Ð°Ð³Ð¾ÐÐ°ÑÑ	—	—	Manufacturing	Claimed	about 1 month ago
ÐµÐÑÐµÐ´Ð¸Ñ	—	—	Manufacturing	Claimed	about 1 month ago
Ð¢ÑÐ°Ð½ÑÐÐ¾Ð¼-ÐÐ²Ð¸Ð°	—	—	Manufacturing	Claimed	about 1 month ago

Page 1 of 2

Affected countries(14)

Countries where this group has been reported to target or leak victims.

🇨🇴Colombia 🇩🇪Germany 🇪🇸Spain 🇫🇮Finland 🇬🇧United Kingdom 🇬🇷Greece 🇮🇩Indonesia 🇮🇹Italy Moldova, Republic of 🇵🇭Philippines 🇵🇰Pakistan Russian Federation 🇹🇳Tunisia 🇺🇸United States