According to experts, the ransomware attacks that exploit the Log4j vulnerability are now getting worse. Researchers found at least two families of malware strain linked up to the vulnerability. Cybersecurity warnings are currently being issued to Linux and Windows users.
Tech users have probably seen several reports on the Log4j vulnerability in these last few weeks. One researcher from Check Point even said, "I cannot overstate the seriousness of this threat," emphasizing that his firm already recorded more than 850,000 cyberattacks in less than a week, thanks to this vulnerability. Overall, Log4j was ranked 10 out of 10 on the severity scale.
Unfortunately, the issue still gets worse. Researchers from the cybersecurity giant Sophos recently discovered a second family of ransomware exploiting the Log4j vulnerability. These cyberattacks were reportedly launched on Linux and Windows systems.
Cybersecurity Warning: TellYouThePass Ransomware
Researchers in Sophos said they uncovered an attempted deployment of the ransomware family called TellYouThePass. This is a malware that performs lateral movement by stealing the SSH credentials and dumping the OS credentials of an infected device.
Experts observed that TellYouThePass was primarily used against China systems. However, more recently, malicious actors have attempted delivery outside the country.
Sophos told VentureBeat that "Systems in China were targeted (by TellYouThePass), as well as some hosted in Amazon and Google cloud services in the U.S. and at several sites in Europe." It is worth noting that TellYouThePass has a history of exploiting high-profile vulnerabilities, like Eternal Blue. This implies a growing threat in the digital space.
Experts for Curated Intelligence confirmed in a blog post that TellYouThePass is now "in the wild to target both Windows and Linux systems." Users are advised to be extra careful when browsing and downloading content on the internet.
Read Also: Dogecoin Price Prediction: Expert Analysis Warns Possible 50% Crash for Meme Coin Amid Heavy Test
Log4j Vulnerability: Growing Ransomware Attacks
It is important to note that TellYouThePass is a newly discovered threat. An older threat called Khonsari is still ongoing with its malicious tactics of targeting Windows systems. Compared to TellYouThePass, Khonsari is called "a wiper" and is used to delete hard drive data.
The fact that the ransomware is secure and the note contains no [real] contact info. means victims will be unable to recover their data. In other words, Khonsari is effectively a wiper. Via @serghei https://t.co/N3d9OD850c
— Brett Callow (@BrettCallow) December 16, 2021
Overall, both attacks indicate that ransomware operators are moving to exploit the Log4j vulnerabilities.
Fortunately, the Log4j vulnerability is far from widespread. Threat researcher Chris Neal told VentureBeat that "After initial access, these attackers will commonly choose to gain persistence, and then minimize their footprint to prevent detection and perform reconnaissance."
The Log4j vulnerability was initially used for crypto mining schemes. However, malicious actors expanded the use of this vulnerability and extended it to ransomware attacks. Because of this, there is a high likelihood that ransomware attacks will continue to escalate in the coming weeks.
To avoid falling victim to these cyberattacks, users are recommended to do these four steps:
- Avoid overly urgent emails: this is a scare tactic used by scammers to fool victims to download a malicious file
- Keep an offline backup, especially with business-critical documents.
- User firewalls and VPNs for added security.
- Be hyperaware of the indicators that point out foul play or malicious attacks.
Related Article: iPhone Malware Installs Computer Inside Your Apple Device: Full Details on How Hack Steals Data
