2021-12-21

Khonsari Ransomware & Log4Shell


Industry: N/A | Level: Tactical | Source: CadoSecurity

The Khonsari ransomware family has been observed using the CVE-2021-44228 (Log4Shell) vulnerability to target Windows servers. The malware executable "groenhuyzen.exe" is dropped and exploits the JNDI class. At only 12 KB, the malware's functionality is straightforward: it enumerates all mounted drives, with the exception of C:\, and encrypts them, giving files the .khonsari extension. Only user directories are encrypted, including Documents, Videos, Pictures, Downloads, and Desktop.

  • Anvilogic Use Case: Potential CVE-2021-44228 – Log4Shell
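
A triage sweep for the two on-disk indicators named above (the dropped file name and the .khonsari extension), added here as an example; it is not code from CadoSecurity or Anvilogic. The function names and the sample tree are constructed for illustration, and the sweep only reads file names.

```python
import os
import tempfile
from pathlib import Path

# Indicators named in the write-up above.
DROPPER_NAME = "groenhuyzen.exe"
ENCRYPTED_EXT = ".khonsari"
USER_DIRS = {"documents", "videos", "pictures", "downloads", "desktop"}

def sweep(root):
    """Walk root; return (dropper paths, count of .khonsari files per user directory)."""
    root = Path(root)
    droppers, encrypted = [], {}
    # Unreadable directories are skipped so the sweep finishes on a live host.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            full = Path(dirpath) / name
            if name.lower() == DROPPER_NAME:
                droppers.append(str(full))
            elif name.lower().endswith(ENCRYPTED_EXT):
                # Attribute the hit to the user directory it sits under, if any.
                parts = [p.lower() for p in full.relative_to(root).parts[:-1]]
                bucket = next((p for p in parts if p in USER_DIRS), "other")
                encrypted[bucket] = encrypted.get(bucket, 0) + 1
    return droppers, encrypted

def build_sample_tree(base):
    """Constructed sample data: empty placeholder files, no real malware or user content."""
    base = Path(base)
    for rel in ("Users/alice/Documents/report.docx.khonsari",
                "Users/alice/Desktop/notes.txt.khonsari",
                "Users/alice/Documents/untouched.txt",
                "data/db.bak.khonsari",
                "Temp/groenhuyzen.exe"):
        path = base / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        found, counts = sweep(tmp)
        print("dropper:", found)
        print("encrypted files by directory:", counts)
```

On a real host, call `sweep()` once per mounted drive root; a non-empty result on any drive is a reason to isolate the server and review its Log4j exposure.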
