Experts have already documented attempts to exploit the Log4Shell vulnerability by Chinese APTs to deliver…
However, the attacks are intensifying. Thus, according to Check Point, more than 60 exploits for Log4Shell have already been studied, and at some moments can be observed up to 100 attacks per minute. As of the beginning of the week, since last Friday, various hacker groups have already carried out about 840,000 attacks on Log4Shell.
In turn, the Chinese company Qihoo 360 warned that it is already tracking at least 10 different hack groups that abuse the vulnerability.
Now Bitdefender analysts have reported that they discovered the first group of ransomware to abuse the new vulnerability. The first attacks by the new Khonsari ransomware were noticed on Sunday, December 11, 2021. The malware is known to be written in .NET and is intended only for attacks on Windows machines. Victims can recognize the Khonsari attack by the .khonsari extension, which the malware adds to most encrypted files.
Khonsari extortionate note. Photo credit: Bleeping Computer
The ransomware was also noticed by MalwareHunterTeam and information security expert Michael Gillespie, who describe the threat as skidware that does not require special skills and is based on low quality publicly available sources. Despite this, they admit that the ransomware works and is able to encrypt the system after a successful attack on Log4Shell.
Even worse, it is reported that the ransomware uses a very strong encryption method, and so far no flaws have been found in it, that is, after encrypting the files, victims will either have to restore data from their backups or pay the attackers.
However, it is not known whether the victims will have the opportunity to pay the ransom. The researchers noticed that the malware is named after a real person (the owner of an antique shop in Louisiana) and uses his contact details in ransom notes. It is not yet clear who this person is, and why hackers denigrate his name in such a strange way. However, apparently, Khonsari may turn out to be someone’s cruel joke and a wiper. That is, it will be impossible to recover data after an attack.
Let me remind you that we talked about the fact that Chinese APTs are interested in Log4Shell vulnerability.
Kurlibat.xyz is a site that tries to trick you into clik to its browser notifications…
Initiateintenselyrenewedthe-file.top is a domain that tries to trick you into clik to its browser notifications…
Wotigorn.xyz is a site that tries to force you into subscribing to its browser notifications…
Initiateintenselyprogressivethe-file.top is a domain that tries to force you into clik to its browser notifications…
Nuesobatoxylors.co.in is a domain that tries to trick you into subscribing to its browser notifications…
Helistym.xyz is a site that tries to force you into clik to its browser notifications…