Security researchers have found evidence that the group behind the Khonsari ransomware is exploiting the Log4j vulnerability to deliver it. State-sponsored groups are also investigating the vulnerability, according to researchers at CrowdStrike.
In a report published on Monday, Bitdefender’s Martin Zugec wrote that on Sunday the company observed attacks against systems running the Windows operating system that attempted to deploy a ransomware family called Khonsari.
Zugec told ZDNet that Khonsari is relatively new ransomware and is considered basic compared to the level of sophistication that is seen from more professional ransomware-as-a-service groups.
“Most likely, it is a threat actor experimenting with this new attack vector. However, that doesn’t mean that more advanced actors are not looking at exploiting the Log4j vulnerability; they most assuredly are. Instead of looking for the most simple, shortest route to monetization, they will use this window of opportunity to gain access to the networks and start preparing for a full-scale larger attack,” Zugec explained.
“We are seeing deployments of backdoors and remote shell deployments already. If you haven’t patched already, you may already have uninvited, dormant guests in your network.”
Cado Security released its own report on the ransomware, noting that it “weighs in at only 12 KB and contains only