Ransomware victim disclosure
← All victimsBMW Aldis
listed as BMW Алдис · Claimed by Malas · listed 3 years ago
Status timeline
- ListedApr 9, 2023
- Data leakeddate unknown
At a glance
- Group
- Malas
- Status
- Data leaked
- Country
- Germany
- Sector
- Automotive
- Listed on leak site
- Apr 9, 2023
About the victim
AI dossier — public-source company profileBMW Алдис (BMW Aldis) appears to be a BMW automotive dealership or franchise operation, likely located in a Russian-speaking or Eastern European market despite the Germany country tag. The name suggests it is an authorized BMW dealer or distributor. Specific operational details are not available from the leak post or public site excerpt.
- Industry
- Automotive Dealership
Attack summary
Severity: high — Data is confirmed published and was obtained via exploitation of a known Zimbra vulnerability, implying email server compromise and likely exfiltration of internal communications, potentially including customer PII, employee data, and business-sensitive correspondence.The Malas ransomware group claims to have compromised BMW Алдис by exploiting a Zimbra vulnerability, with the disclosure status listed as data_published, indicating data has been exfiltrated and released.
Data the group says was taken
AI dossier — extracted from the leak post- Email communications (via Zimbra mail server)
- Corporate correspondence
- Potentially employee and customer contact data
What the group claims
using Zimbra vulnerability
Sources
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

