BitDefender reported yesterday that ransomware gangs are now using the Log4j exploit to install ransomware. This raises the stakes for organizations that have not yet patched the vulnerability, or have not mitigated the threat on systems for which no patch is yet available.
This ransomware does not include a clear way to contact the threat actor to pay the ransom, so victims whose files are encrypted may have a hard time recovering them even if they are willing to pay. This is the first known case of a ransomware gang using the Log4j exploit to install ransomware directly.
On Monday, Apache released Log4j version 2.16 to fix another problem: CVE-2021-45046. Version 2.15 had previously been thought to correct the issue, but a new flaw was discovered in it. Anyone who patched to version 2.15 is strongly advised to install version 2.16 immediately, as it corrects CVE-2021-45046. The flaw fixed in version 2.16 “doesn’t seem to permit remote code execution or data exfiltration; it’s merely a denial-of-service attack that might cause the affected process to hang,” according to Paul Ducklin, a research scientist at Sophos.
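As an added example (not part of the original post or any vendor tooling), here is a small Python inventory script a defender can run on a host or a shared filesystem: it walks a directory tree, reads each log4j-core jar's version from its Maven metadata (falling back to the filename for renamed jars), and flags anything on the 2.x line still below 2.16.0. It assumes, per Apache's advisory, that the 2.12.2 backport for Java 7 is also fixed; Log4j 1.x jars are a different code base and are not assessed here.

```python
"""Find log4j-core jars under a directory and flag versions below 2.16.0.

Assumption: 2.12.2 (the Java 7 backport) is treated as fixed for
CVE-2021-45046, following Apache's advisory. Log4j 1.x is not assessed.
"""
import re
import zipfile
from pathlib import Path

FIXED = (2, 16, 0)
FIXED_BACKPORTS = {(2, 12, 2)}
NAME_RE = re.compile(r"log4j-core-(\d+)\.(\d+)\.(\d+)(?:-[\w.]+)?\.jar$")
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"


def version_from_name(name):
    """Parse (major, minor, patch) from a standard log4j-core jar filename."""
    m = NAME_RE.search(name)
    return tuple(int(x) for x in m.groups()) if m else None


def version_from_manifest(path):
    """Read the version from the Maven pom.properties packaged inside the jar.
    This catches jars that were renamed or bundled under another name."""
    try:
        with zipfile.ZipFile(path) as z:
            text = z.read(POM_PROPS).decode("utf-8", "replace")
    except (zipfile.BadZipFile, KeyError, OSError):
        return None  # not a jar, or not log4j-core
    for line in text.splitlines():
        if line.startswith("version="):
            m = re.match(r"(\d+)\.(\d+)\.(\d+)", line.split("=", 1)[1])
            return tuple(int(x) for x in m.groups()) if m else None
    return None


def needs_upgrade(version):
    """True when a 2.x log4j-core is below 2.16.0 and not a fixed backport."""
    if version is None or version[0] != 2:
        return False
    return version < FIXED and version not in FIXED_BACKPORTS


def scan_tree(root):
    """Return sorted (path, version, needs_upgrade) for every log4j-core jar found."""
    findings = []
    for jar in Path(root).rglob("*.jar"):
        version = version_from_manifest(jar) or version_from_name(jar.name)
        if version is not None:
            findings.append((str(jar), version, needs_upgrade(version)))
    return sorted(findings)
```

Feed the flagged paths into your patch tracking; a jar that reports a fixed version by filename but an older one in its Maven metadata is the case the manifest check exists for.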
The cybersecurity community expects that not only criminals, but also Chinese, Iranian, and other state-sponsored groups, will move quickly to exploit this vulnerability. Organizations need to take appropriate measures to ensure their security. If an organization does not have the in-house resources to do so, it should reach out to a firm (like Rokster) that can provide help.
by Dominick Birolin, CISSP, CISA, NSE3, Vice President of Cybersecurity at Rokster