Ransomware Khonsari menyerang server Minecraft

Microsoft urged administrators of private Minecraft servers (located on their own hosting) to update to the latest versions as soon as possible, as they are being attacked by the Khonsari ransomware that exploits the critical Log4Shell vulnerability.

Back last week, the developers behind Minecraft pada Mojang Studios released an emergency security update to address the critical bug CVE-2021-44228.

This issue, recently discovered in the Log4j logging library in recent weeks, has been talked about around the world. This vulnerability is also known as Log4Shell and has the potential to become one of the worst bugs in recent years.

In Minecraft, the Log4j library is used by the Java Edition by the game client and multiplayer servers. Microsoft has now warned that the new vulnerability is already being actively used to attack private servers.

The attacker sends a malicious in-game message to the vulnerable Minecraft server, which exploits CVE-2021-44228 to retrieve and execute the payload placed by the attacker on both the server and connected vulnerable clients. We saw the use of a malicious Java class, which is the Khonsari ransomware and is executed in the context of javaw.exe, to then demand a ransom.told in Microsoft.

Microsoft 365 Defender Threat Intelligence and Microsoft Threat Intelligence Center (MSTIC) also report that they observed PowerShell-based reverse shells deployed at corporate endpoints, where Log4j exploits targeting Minecraft servers were just an entry point.

Sebagai akibat, Microsoft has asked all administrators to immediately install the latest updates to protect against attacks, and recommends that players connect only to trusted Minecraft servers and use the official and latest version of the client. Minecraft: Java Edition server administrators can find all necessary update instructions here.

At first glance, this malware appears to be exploiting the Log4Shell problem for ransomware attacks. Namun, in reality, Khonsari is more like a wiper, that is, it is adestructive malware that deliberately encrypts data beyond recovery. The fact is that the victims cannot contact the malware operators to pay the ransom (there are simply no contacts in the message that the extortionists leave behind), which means they cannot save their information.

Apparently, the attacks on Minecraft servers that have begun now are also carried out solely for the sake of griefing and trolling, and the malware operators do not pursue financial gain.

Let me remind you that we wrote that Peneliti menemukan ALPHV ransomware yang ditulis dalam Rust, as well as that Chaos ransomware attacks Minecraft players.

Helga Smith

Saya selalu tertarik pada ilmu komputer, terutama keamanan data dan tema, yang disebut saat ini "ilmu data", sejak remaja awal saya. Sebelum masuk ke tim Penghapusan Virus sebagai Pemimpin Redaksi, Saya bekerja sebagai pakar keamanan siber di beberapa perusahaan, termasuk salah satu kontraktor Amazon. Pengalaman lain: Yang saya dapatkan adalah mengajar di universitas Arden dan Reading.

Tinggalkan Balasan

Situs ini menggunakan Akismet untuk mengurangi spam. Pelajari bagaimana data komentar Anda diproses.

Tombol kembali ke atas