Security Java

Second Ransomware Family Exploiting Log4j Spotted In US, Europe (venturebeat.com) 16

Researchers say a second family of ransomware is increasingly being used in attack attempts that exploit the critical vulnerability in Apache Log4j, including in the U.S. and Europe. VentureBeat reports: A number of researchers, including at cybersecurity giant Sophos, have now said they've observed the attempted deployment of a ransomware family known as TellYouThePass. Researchers have described TellYouThePass as an older and largely inactive ransomware family -- which has been revived following the discovery of the vulnerability in the widely used Log4j logging software. TellYouThePass is the second family of ransomware that's been observed to exploit the vulnerability in Log4j, known as Log4Shell, joining the Khonsari ransomware, according to researchers.

While previous reports indicated that TellYouThePass was mainly being directed against targets in China, researchers at Sophos told VentureBeat that they've observed the attempted delivery of TellYouThePass ransomware both inside and outside of China -- including in the U.S. and Europe. "Systems in China were targeted, as well as some hosted in Amazon and Google cloud services in the U.S. and at several sites in Europe," said Sean Gallagher, a senior threat researcher at Sophos Labs, in an email to VentureBeat on Tuesday. Sophos detected attempts to deliver TellYouThePass payloads by utilizing the Log4j vulnerability on December 17 and December 18, Gallagher said. TellYouThePass has versions that run on either Linux or Windows, "and has a history of exploiting high-profile vulnerabilities like EternalBlue," said Andrew Brandt, a threat researcher at Sophos, in an email. The Linux version is capable of stealing Secure Socket Shell (SSH) keys and can perform lateral movement, Brandt said. Sophos initially disclosed its detection of TellYouThePass ransomware in a December 20 blog post.

The first report of TellYouThePass ransomware exploiting the Log4j vulnerability appears to have come from the head of Chinese cybersecurity group KnownSec 404 Team on December 12. The attempted deployment of TellYouThePass in conjunction with Log4Shell was subsequently confirmed by additional researchers, according to researcher community Curated Intelligence. In a blog post Tuesday, Curated Intelligence said its members can now confirm that TellYouThePass has been seen exploiting the vulnerability "in the wild to target both Windows and Linux systems." TellYouThePass had most recently been observed in July 2020, Curated Intelligence said. It joins Khonsari, a new family of ransomware identified in connection with exploits of the Log4j vulnerability.

Comments Filter:
  • Why would it be limited to Windows and Linux systems?

  • by The Evil Atheist ( 2484676 ) on Thursday December 23, 2021 @04:10AM (#62108671)
    Hey, but at least it's not a memory error, right? VMs chewing up gigabytes of memory because some programmers are scared of a language they had a horrible time learning at university is so much better. Who needs backdoors when you can show the whole world how to enter in through the front door?
  • by Canberra1 ( 3475749 ) on Thursday December 23, 2021 @07:13AM (#62108903)
    Laws need to be made to allow insurance companies NOT to pay where the client has no viable backup and recovery strategy. Many enfeebled corporates did not 12 months ago, and still have none. I fondly remember the Ghostbusters van - perhaps we can get one outside the corporate HQ of impacted operations, to drive home the message 'we are idiots'.
    • by gweihir ( 88907 )

      These laws are actually in place. This type of IT operations is called "gross negligence". Insurers are just reluctant to go for it since they would lose so many of their customers.

      • What laws - don't answer if they are never practically enforced at the corporate level, never burning a hole in CEO remuneration, package or options. I have trouble recalling where a CEO ever felt sorry. The situation now - is that anything goes - or is that ENRON's old motto. Or the Deepwater oil spill plans. I worked in ICT for 35 years. In all that time, there was a gag order not to speak to any auditors. While the auditors were careful not to voice their concerns too loudly, lest the big accounting fir
        • by gweihir ( 88907 )

          What laws

          Read up on the definition of "gross negligence". Also, this is civil law, not criminal law, so no "punishment" involved, you have that completely wrong. But an insurer can successfully refuse to pay if the one that suffered damage basically "asked for it". Your insurance only is valid if you exercised due care and that is part of the contract you have with your insurance and of the laws governing insurances.
