Conti ransomware uses Log4j bug to hack VMware vCenter servers
The Conti ransomware operation is using the critical Log4Shell exploit to gain rapid access to internal VMware vCenter Server instances and encrypt virtual machines.
Among the first to leverage the bug were cryptocurrency miners, botnets, and a new ransomware strain called Khonsari.
While most defenders are focused on blocking Log4Shell attacks on Internet-exposed devices, the Conti ransomware operation shows how the vulnerability can be used to target internal devices that may not receive as much attention.
The researchers confirmed that Conti ransomware affiliates had already compromised the target networks and exploited vulnerable Log4j machines to gain access to vCenter servers.
Conti is a Russian-speaking group that has been in the ransomware game for a long time, being the successor of the infamous Ryuk.
Recently, the Australian Cyber Security Centre published an alert about Conti ransomware targeting multiple organizations in the country.