Khonsari Ransomware & Log4Shell
Industry: N/A | Level: Tactical | Source: CadoSecurity
The Khonsari ransomware family has been observed exploiting the CVE-2021-44228 (Log4Shell) vulnerability to target Windows servers. The malware executable "groenhuyzen.exe" is dropped via the JNDI lookup that the vulnerability exposes. At only 12 KB, the malware's functionality is straightforward: it enumerates all mounted drives except C:\ and encrypts their files, appending the .khonsari extension. Only user directories are encrypted, including Documents, Videos, Pictures, Downloads, and Desktop.
- Anvilogic Use Case: Potential CVE-2021-44228 – Log4Shell
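The indicators in the summary above (the dropped executable name, the .khonsari extension, and the user folders targeted) can be turned into simple host-level detection logic. The following is an added example, not code from CadoSecurity or Anvilogic; the event schema (`host`, `type`, `image`, `path`) and the sample telemetry are constructed for illustration.

```python
from collections import defaultdict
from typing import Dict, Iterable, List, Optional

# Indicators taken from the write-up above: the dropped executable name and
# the extension appended to encrypted files.
DROPPED_EXECUTABLE = "groenhuyzen.exe"
RANSOM_EXTENSION = ".khonsari"
# User folders the write-up says Khonsari encrypts (matched case-insensitively).
TARGET_USER_DIRS = {"documents", "videos", "pictures", "downloads", "desktop"}

# Constructed sample endpoint telemetry for this example, not from the source.
SAMPLE_EVENTS = [
    {"host": "srv01", "type": "process", "image": r"C:\Windows\Temp\groenhuyzen.exe"},
    {"host": "srv01", "type": "file", "path": r"D:\Users\alice\Documents\report.docx.khonsari"},
    {"host": "srv01", "type": "file", "path": r"D:\Users\alice\Pictures\photo.jpg.khonsari"},
    {"host": "srv02", "type": "file", "path": r"C:\Users\bob\Documents\budget.xlsx"},
    {"host": "srv02", "type": "process", "image": r"C:\Program Files\App\app.exe"},
    {"host": "srv03", "type": "file", "path": r"D:\backup\archive.zip.khonsari"},
    {"host": "srv03", "type": "file", "path": r"D:\backup\notes.txt.khonsari"},
]

def in_target_user_dir(path: str) -> bool:
    """True when the path sits under a Users\\<name>\\<target folder> tree."""
    parts = path.lower().split("\\")
    return "users" in parts and any(p in TARGET_USER_DIRS for p in parts)

def match_event(event: dict) -> Optional[str]:
    """Map one telemetry event to a Khonsari indicator name, or None."""
    if event["type"] == "process" and event["image"].lower().endswith("\\" + DROPPED_EXECUTABLE):
        return "dropped_executable"
    if event["type"] == "file" and event["path"].lower().endswith(RANSOM_EXTENSION):
        return "encrypted_user_file" if in_target_user_dir(event["path"]) else "encrypted_file"
    return None

def find_khonsari_hosts(events: Iterable[dict], min_encrypted: int = 2) -> Dict[str, List[str]]:
    """{host: sorted indicators} for hosts that ran the dropped executable or
    wrote at least `min_encrypted` files carrying the ransom extension."""
    per_host = defaultdict(list)
    for ev in events:
        hit = match_event(ev)
        if hit is not None:
            per_host[ev["host"]].append(hit)
    flagged = {}
    for host, hits in per_host.items():
        encrypted = sum(1 for h in hits if h.startswith("encrypted"))
        if "dropped_executable" in hits or encrypted >= min_encrypted:
            flagged[host] = sorted(set(hits))
    return flagged
```

Running `find_khonsari_hosts(SAMPLE_EVENTS)` flags srv01 (dropped executable plus encrypted user files) and srv03 (a burst of .khonsari writes outside a user folder), while srv02 produces no hits.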