Microsoft confirms that attackers exploited Log4Shell to deploy new ransomware

17 Dec, 2021

Days after Romanian security firm Bitdefender reported that state-sponsored hackers were attempting to embed ransomware on devices using the Log4Shell vulnerability, Microsoft has confirmed that attackers are exploiting the flaw to deploy a new ransomware family.

The Log4Shell vulnerability was detected last week in the open-source logging software Apache Log4J.

The affected logging library is used by Apple, Google and Microsoft, among others.

The Windows-maker was among the first to admit that the vulnerability affected its popular game Minecraft, which is essentially a sandbox for unlimited creativity where students are presented with fundamental blocks to imagine and create various shapes, items and entire worlds.   

“This threat is a human-operated ransomware called Khonsari. It affects files on drives connected to your device, as well as in certain folders on the C drive, such as desktop. Files targeted by this ransomware are encrypted and are given a new file extension ending in,” Microsoft said in its Defender report, published on December 15.

Microsoft has also asked customers running their own servers to deploy the latest Minecraft server update, and players to exercise caution by connecting only to trusted Minecraft servers.
