TellYouThePass ransomware revived in Linux, Windows Log4j attacks
Threat actors have revived an old and relatively inactive ransomware family known as TellYouThePass, deploying it in attacks against Windows and Linux devices targeting a critical remote code execution bug in the Apache Log4j library.
KnownSec 404 Team’s Heige first reported these attacks on Twitter on Monday after observing that the ransomware was dropped on old Windows systems using exploits abusing the flaw tracked as CVE-2021-44228 and known as Log4Shell.
Heige’s report was confirmed by the Sangfor Threat Intelligence Team, who successfully captured one of the TellYouThePass ransomware samples deployed in attacks using Log4Shell exploits mostly impacting Chinese targets, according to Curated Intelligence.
As they further discovered (findings that CronUP’s Germán Fernández also confirmed), the ransomware has a Linux version that harvests SSH keys and moves laterally throughout victims’ networks.
“It is worth noting that this is not the first time that Tellyouthepass ransomware has used high-risk vulnerabilities to launch attacks,” Sangfor researchers said. “As early as last year, it had used Eternal Blue vulnerabilities to attack multiple organizational units.”
Other security researchers have also analyzed one of the ransomware samples deployed in these attacks and tagged it as “likely belonging” to the TellYouThePass family.
According to submission stats to the ID Ransomware service, TellYouThePass ransomware has seen a massive and sudden spike in activity after Log4Shell proof-of-concept exploits were released online.
TellYouThePass is not the first ransomware strain deployed in Log4Shell attacks: since the flaw became public, financially motivated attackers have been injecting Monero miners on compromised systems, and state-backed hackers have exploited it to create footholds for follow-on activity.
BitDefender first reported they found a new ransomware family (tagged by some as a wiper) they dubbed Khonsari being installed directly via Log4Shell exploits.
The Microsoft 365 Defender Threat Intelligence Team also saw Khonsari ransomware payloads dropped on self-hosted Minecraft servers.
Last but not least, Conti ransomware operators have also added a Log4Shell exploit to their arsenal to move laterally through targets’ networks, gain access to VMware vCenter Server instances, and encrypt virtual machines.
In related news, CISA today ordered Federal Civilian Executive Branch agencies to patch their systems against the Log4Shell vulnerability within the next six days, by December 23.
The cybersecurity agency also recently added the flaw to its Known Exploited Vulnerabilities Catalog, which likewise requires federal agencies to take expedited action and mitigate the bug by December 24.