Security News > 2021 > December > New ransomware now being deployed in Log4Shell attacks
The first public case of the Log4j Log4Shell vulnerability used to download and install ransomware has been discovered by researchers.
Yesterday, BitDefender reported that they found the first ransomware family being installed directly via Log4Shell exploits.
Once loaded, it would download a.NET binary from the same server to install new ransomware [VirusTotal] named 'Khonsari.
Ransomware expert Michael Gillespie told BleepingComputer that Khonsari uses valid encryption and is secure, meaning that it is not possible to recover files for free.
Emsisoft analyst Brett Callow pointed out to BleepingComputer that the ransomware is named after and uses contact information for a Louisiana antique shop owner rather than the threat actor.
It is likely that more advanced ransomware operations are already using the exploits as part of their attacks.
News URL
Related news
- US indicts 8Base ransomware operators for Phobos encryption attacks (source)
- RA World Ransomware Attack in South Asia Links to Chinese Espionage Toolset (source)
- Chinese espionage tools deployed in RA World ransomware attack (source)
- Lee Enterprises newspaper disruptions caused by ransomware attack (source)
- Southern Water says Black Basta ransomware attack cost £4.5M in expenses (source)
- Qilin ransomware claims attack at Lee Enterprises, leaks stolen data (source)
- Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks (source)
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- Hunters International ransomware claims attack on Tata Technologies (source)
- Toronto Zoo shares update on last year's ransomware attack (source)