Log4Shell Vulnerability Exploited to Plant the Khonsari Ransomware

The recently discovered security hole in the Log4j service has quickly attracted attention from cybercriminals specializing in various types of attacks. Although initial reports mentioned mostly botnets and cryptocurrency miners, it seems that ransomware operators are also on the prowl for servers exploitable through the Log4Shell vulnerability. Thanks to this exploit, criminals gain the ability to execute remote commands on the compromised systems, effectively enabling them to perform all sorts of tasks – such as to run the novel Khonsari Ransomware.

Khonsari Ransomware Operators Use a Phone Number for Contact

The Khonsari Ransomware is not related to any of the file-locker families that came out in 2021, and it appears to be a very new piece of software. Unfortunately, initial analysis of the payload shows that it uses a flawless file-encryption mechanism, which would make it impossible to develop and release a free decryptor. This leaves victims of the Khonsari Ransomware with very limited options when it comes to recovering their files.

It is important to add that the Khonsari Ransomware was not seen until the Log4Shell vulnerability was disclosed. So far, this seems the only method that its creators are using to infect systems. The malware is able to swiftly encrypt a large portion of the victim's files, and append the suffix '.khonsari' to their name. Just like other file-lockers, this one also opts to show a ransom note after completing the attack.

The criminals of the Khonsari Ransomware ask their victim to pay a ransom fee via Bitcoin, and to contact karenkhonsari@gmail.com for additional information. The surprising thing in their ransom message is the presence of a phone number, which can be used to reach them – (225) 287-1309. It is advisable not to agree to send money to anonymous cybercriminals. If you pay, you might not get anything in return, losing both your money and your files. It is best to remove the Khonsari Ransomware via antivirus software, and then explore alternative data recovery options. Of course, make sure to also update your Log4j service in order to fix the vulnerability.

By Ruik
December 16, 2021
Ransomware
English
December 16, 2021
Ransomware

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

5 years ago

What is the OperaGXSetup.exe File and is it Malicious?

11 months ago

Eporner.com And Why Its Excessive Pop-Ups Are Risky

11 days ago

HackTool:Win32/Crack: a Malicious Threat That Can Seriously...

7 months ago

Take Note: Someone Added You As Their Recovery Email Scam

10 months ago

A Potentially Serious Threat: Trojan:Win32/Suschil!rfn

18 days ago

Related Posts

Computer Security

Log4Shell RCE Vulnerability Attracts Attention from Cybercriminals

Cybercriminals are always on the prowl for new vulnerabilities that they can use to aid their attacks. One of the popular, recent vulnerabilities is called Log4Shell. It affects the Apache Log4j logging platform,... Read more

December 14, 2021
Ransomware

Vice Society Ransomware Abuses the PrintNightmare Vulnerability to Spread Laterally

Discoveries of new vulnerabilities in popular software packages, operating systems, and services are usually followed by large-scale malware attacks. In recent weeks, cybersecurity companies have been informing users... Read more

August 16, 2021
Ransomware

Remove Eslock Ransomware

The Eslock Ransomware is a variation of the infamous MedusaLocker Ransomware, which has been gaining attention from cybercriminals since 2019. The newest iteration uses an unchanged file-locking mechanism, and it is... Read more

June 2, 2021
English
Loading...

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2025 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.