Perisian tebusan Khonsari menyerang pelayan Minecraft

Microsoft urged administrators of private Minecraft servers (located on their own hosting) to update to the latest versions as soon as possible, as they are being attacked by the Khonsari ransomware that exploits the critical Log4Shell vulnerability.

Back last week, the developers behind Minecraft di Mojang Studios released an emergency security update to address the critical bug CVE-2021-44228.

This issue, recently discovered in the Log4j logging library in recent weeks, has been talked about around the world. This vulnerability is also known as Log4Shell and has the potential to become one of the worst bugs in recent years.

In Minecraft, the Log4j library is used by the Java Edition by the game client and multiplayer servers. Microsoft has now warned that the new vulnerability is already being actively used to attack private servers.

The attacker sends a malicious in-game message to the vulnerable Minecraft server, which exploits CVE-2021-44228 to retrieve and execute the payload placed by the attacker on both the server and connected vulnerable clients. We saw the use of a malicious Java class, which is the Khonsari ransomware and is executed in the context of javaw.exe, to then demand a ransom.told in Microsoft.

Microsoft 365 Defender Threat Intelligence and Microsoft Threat Intelligence Center (MSTIC) also report that they observed PowerShell-based reverse shells deployed at corporate endpoints, where Log4j exploits targeting Minecraft servers were just an entry point.

As a result, Microsoft has asked all administrators to immediately install the latest updates to protect against attacks, and recommends that players connect only to trusted Minecraft servers and use the official and latest version of the client. Minecraft: Java Edition server administrators can find all necessary update instructions here.

At first glance, this malware appears to be exploiting the Log4Shell problem for ransomware attacks. Namun begitu, dalam realiti, Khonsari is more like a wiper, itu dia, it is adestructive malware that deliberately encrypts data beyond recovery. The fact is that the victims cannot contact the malware operators to pay the ransom (there are simply no contacts in the message that the extortionists leave behind), which means they cannot save their information.

nampaknya, the attacks on Minecraft servers that have begun now are also carried out solely for the sake of griefing and trolling, and the malware operators do not pursue financial gain.

Let me remind you that we wrote that Researchers discovered ALPHV ransomware written in Rust, as well as that Chaos ransomware attacks Minecraft players.

Helga Smith

Saya sentiasa berminat dalam sains komputer, terutamanya keselamatan data dan tema, yang dipanggil pada masa kini "sains data", sejak awal remaja saya. Sebelum menyertai pasukan Pembuangan Virus sebagai ketua Editor, Saya bekerja sebagai pakar keselamatan siber di beberapa syarikat, termasuk salah seorang kontraktor Amazon. Satu lagi pengalaman: Saya ada mengajar di universiti Arden dan Reading.

Tinggalkan pesanan

Laman web ini menggunakan Akismet untuk mengurangkan spam. Ketahui cara data ulasan anda diproses.

Butang kembali ke atas