Ransomware victim disclosure
← All victimsSA.FI
Claimed by Malas · listed 3 years ago
Status timeline
- ListedApr 9, 2023
- Data leakeddate unknown
At a glance
- Group
- Malas
- Status
- Data leaked
- Country
- Finland
- Sector
- Financial Services
- Listed on leak site
- Apr 9, 2023
About the victim
AI dossier — public-source company profileSA.FI (sa.fi) is a Finnish company operating in the financial services sector. Based on its domain and country of registration, it is a Finland-based financial services provider. Further details about its scale and specific services are not available from the provided sources.
- Industry
- Financial Services
Attack summary
Severity: high — The victim operates in financial services, a regulated sector where data exposure carries significant compliance and customer risk. Exploitation of a Zimbra vulnerability typically yields access to email archives containing sensitive business and potentially client financial data, and the disclosed status confirms data has been published.The Malas ransomware group claims to have compromised SA.FI by exploiting a Zimbra vulnerability, with the disclosure status indicating data has been published. The post does not specify the volume or exact nature of exfiltrated data.
Data the group says was taken
AI dossier — extracted from the leak post- Email communications (via Zimbra server)
- Business correspondence
- Potentially financial records
What the group claims
using Zimbra vulnerability
Sources
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

