Security News > 2021 > December > New ransomware now being deployed in Log4Shell attacks
The first public case of the Log4j Log4Shell vulnerability used to download and install ransomware has been discovered by researchers.
Yesterday, BitDefender reported that they found the first ransomware family being installed directly via Log4Shell exploits.
Once loaded, it would download a.NET binary from the same server to install new ransomware [VirusTotal] named 'Khonsari.
Ransomware expert Michael Gillespie told BleepingComputer that Khonsari uses valid encryption and is secure, meaning that it is not possible to recover files for free.
Emsisoft analyst Brett Callow pointed out to BleepingComputer that the ransomware is named after and uses contact information for a Louisiana antique shop owner rather than the threat actor.
It is likely that more advanced ransomware operations are already using the exploits as part of their attacks.
News URL
Related news
- Romanian energy supplier Electrica hit by ransomware attack (source)
- Ransomware attack hits leading heart surgery device maker (source)
- US sanctions Chinese firm for hacking firewalls in ransomware attacks (source)
- US sanctions Chinese cybersecurity company for firewall compromise, ransomware attacks (source)
- US Sanctions Chinese Cybersecurity Firm for 2020 Ransomware Attack (source)
- Starbucks, Supermarkets Targeted in Ransomware Attack (source)
- CISA confirms critical Cleo bug exploitation in ransomware attacks (source)
- Clop ransomware claims responsibility for Cleo data theft attacks (source)
- Rhode Island confirms data breach after Brain Cipher ransomware attack (source)
- Ascension: Health data of 5.6 million stolen in ransomware attack (source)