Izsiljevalska programska oprema Khonsari napada strežnike Minecraft

Helga Smithdecembra 21, 2021Zadnja posodobitev: decembra 21, 2021
55 1 minutno branje

Microsoft urged administrators of private Minecraft servers (located on their own hosting) to update to the latest versions as soon as possible, as they are being attacked by the Khonsari ransomware that exploits the critical Log4Shell vulnerability.

Back last week, the developers behind Minecraft pri Mojang Studios released an emergency security update to address the critical bug CVE-2021-44228.

This issue, recently discovered in the Log4j logging library in recent weeks, has been talked about around the world. This vulnerability is also known as Log4Shell and has the potential to become one of the worst bugs in recent years.

In Minecraft, the Log4j library is used by the Java Edition by the game client and multiplayer servers. Microsoft has now warned that the new vulnerability is already being actively used to attack private servers.

The attacker sends a malicious in-game message to the vulnerable Minecraft server, which exploits CVE-2021-44228 to retrieve and execute the payload placed by the attacker on both the server and connected vulnerable clients. We saw the use of a malicious Java class, which is the Khonsari ransomware and is executed in the context of javaw.exe, to then demand a ransom.told in Microsoft.

Microsoft 365 Defender Threat Intelligence and Microsoft Threat Intelligence Center (MSTIC) also report that they observed PowerShell-based reverse shells deployed at corporate endpoints, where Log4j exploits targeting Minecraft servers were just an entry point.

As a result, Microsoft has asked all administrators to immediately install the latest updates to protect against attacks, and recommends that players connect only to trusted Minecraft servers and use the official and latest version of the client. Minecraft: Java Edition server administrators can find all necessary update instructions here.

At first glance, this malware appears to be exploiting the Log4Shell problem for ransomware attacks. Vendar, in reality, Khonsari is more like a wiper, to je, it is adestructive malware that deliberately encrypts data beyond recovery. The fact is that the victims cannot contact the malware operators to pay the ransom (there are simply no contacts in the message that the extortionists leave behind), which means they cannot save their information.

Apparently, the attacks on Minecraft servers that have begun now are also carried out solely for the sake of griefing and trolling, and the malware operators do not pursue financial gain.

Let me remind you that we wrote that Raziskovalci so odkrili ALPHV izsiljevalska programska oprema, napisana v Rustu, as well as that Chaos ransomware attacks Minecraft players.

Oznake
Helga Smithdecembra 21, 2021Zadnja posodobitev: decembra 21, 2021
55 1 minutno branje

Helga Smith

Vedno me je zanimalo računalništvo, zlasti varnost podatkov in tema, ki se dandanes imenuje "znanost o podatkih", že od zgodnjih najstniških let. Pred prihodom v ekipo za odstranjevanje virusov kot glavni urednik, Delal sem kot strokovnjak za kibernetsko varnost v več podjetjih, vključno z enim od Amazonovih izvajalcev. Še ena izkušnja: Poučujem na univerzah Arden in Reading.

Pustite odgovor

To spletno mesto uporablja Akismet za zmanjšanje neželene pošte. Preberite, kako se obdelujejo vaši komentarji.

Gumb Nazaj na vrh