TellYouThePass, a ransomware family that had gone quiet, has risen again. By leveraging Log4Shell, the recently discovered critical remote code execution vulnerability in Log4j, it has been observed attacking both Windows- and Linux-based computers.
A researcher from the KnownSec 404 Team was the first to raise the alarm on Twitter, after observing a sudden surge in the ransomware's activity soon after Log4Shell proof-of-concept exploits were released online.
The ransomware infected Windows-based computers by exploiting CVE-2021-44228.
The majority of the targets were found in a Chinese province, according to a report by Sangfor Threat Intelligence Team, who captured one of the ransomware samples abusing Log4Shell exploits.
Furthermore, CronUP experts confirmed that the ransomware has a Linux variant that collects SSH keys, allowing it to move laterally through victims' networks.
After analysis of the samples by other security researchers, the malware was classified as part of the TellYouThePass family.
There have been several incidents in recent months in which attackers have exploited the Log4Shell flaw.
Initially, the flaw was exploited by several state-sponsored hackers from China, Iran, North Korea, and Turkey.
Conti ransomware has recently begun exploiting the Log4Shell flaw in order to move laterally inside targets’ networks.
Bitdefender researchers discovered the Khonsari malware abusing Log4Shell exploits.
Different ransomware groups are currently exploiting the Log4Shell vulnerability all across the world, and even old groups are resurrecting to take advantage of this security flaw. As a result, applying security patches immediately, conducting a security review, and reporting compromises as soon as possible are all strongly advised.
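One concrete form the "security review" advice can take is an inventory of Log4j 2 on disk. The script below is an added example, not code from the article or from any of the teams it cites: it walks a directory tree for jar files, reads each jar's name for a log4j-core version, and checks whether the jar still ships `org/apache/logging/log4j/core/lookup/JndiLookup.class`, the class whose removal was a common interim mitigation. The version baseline of 2.15.0 is the release that first fixed CVE-2021-44228; later releases addressed follow-on issues, so the baseline is a constant you would raise to match your own patch policy. The fixture-building function, the directory names and the jar contents are constructed solely so the example runs offline.

```python
"""Inventory log4j-core jars under a directory and classify each against
CVE-2021-44228. Added example; not from the article it accompanies."""
import os
import re
import tempfile
import zipfile
from pathlib import Path

# Class inside log4j-core that performs JNDI lookups; removing it from the jar
# was a widely used interim mitigation before patching.
JNDI_LOOKUP_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# CVE-2021-44228 was first fixed in Log4j 2.15.0. Later releases fixed
# follow-on issues, so raise this to whatever your patch policy requires.
FIRST_FIX = (2, 15, 0)

VERSION_RE = re.compile(r"log4j-core-(\d+)\.(\d+)\.(\d+)[^/]*\.jar$")


def parse_version(filename):
    """Return (major, minor, patch) from a log4j-core jar name, or None."""
    m = VERSION_RE.search(filename)
    return tuple(int(x) for x in m.groups()) if m else None


def jar_has_jndi_lookup(path):
    """True/False if the jar does/does not contain JndiLookup.class;
    None if the file is not a readable zip archive at all."""
    try:
        with zipfile.ZipFile(path) as zf:
            return JNDI_LOOKUP_CLASS in zf.namelist()
    except zipfile.BadZipFile:
        return None


def assess_jar(path):
    """Classify one jar. Version comes from the file name, presence of the
    lookup class from the archive contents, so a renamed jar is still caught."""
    path = Path(path)
    version = parse_version(path.name)
    has_class = jar_has_jndi_lookup(path)
    if has_class is None:
        verdict = "UNREADABLE"            # corrupt or not a zip: inspect by hand
    elif version is None:
        verdict = "REVIEW" if has_class else "NOT_LOG4J_CORE"
    elif version >= FIRST_FIX:
        verdict = "PATCHED"
    elif has_class:
        verdict = "VULNERABLE"            # old version and lookup class present
    else:
        verdict = "MITIGATED_CLASS_REMOVED"
    return {"path": path, "version": version,
            "has_jndi_lookup": has_class, "verdict": verdict}


def scan_tree(root):
    """Assess every *.jar beneath root, in a stable order."""
    return [assess_jar(p) for p in sorted(Path(root).rglob("*.jar"))]


def _write_jar(path, entries):
    # Constructed jar: entry names matter, contents are placeholder bytes.
    with zipfile.ZipFile(path, "w") as zf:
        for name in entries:
            zf.writestr(name, b"\xca\xfe\xba\xbe")


def make_sample_tree(root):
    """Build a constructed fixture covering every verdict (hypothetical paths)."""
    root = Path(root)
    (root / "app" / "lib").mkdir(parents=True)
    (root / "svc").mkdir()
    _write_jar(root / "app" / "lib" / "log4j-core-2.14.1.jar",
               [JNDI_LOOKUP_CLASS, "META-INF/MANIFEST.MF"])      # vulnerable
    _write_jar(root / "svc" / "log4j-core-2.14.1.jar",
               ["META-INF/MANIFEST.MF"])                         # class removed
    _write_jar(root / "svc" / "log4j-core-2.15.0.jar", [JNDI_LOOKUP_CLASS])
    _write_jar(root / "svc" / "renamed-logging.jar", [JNDI_LOOKUP_CLASS])
    _write_jar(root / "svc" / "other.jar", ["com/example/Foo.class"])
    (root / "svc" / "broken.jar").write_bytes(b"not a zip")
    return root


def run_demo():
    """Scan the constructed fixture; return {relative path: verdict}."""
    with tempfile.TemporaryDirectory() as tmp:
        root = make_sample_tree(tmp)
        return {r["path"].relative_to(root).as_posix(): r["verdict"]
                for r in scan_tree(root)}


if __name__ == "__main__":
    for rel, verdict in run_demo().items():
        print(f"{verdict:24} {rel}")
```

On a real host you would call `scan_tree("/")` (or the application roots you care about) instead of the fixture; anything reported as VULNERABLE or REVIEW is a jar to patch or inspect, and UNREADABLE entries deserve a manual look rather than being ignored. The version check is deliberately taken from the file name so that a jar with the lookup class intact but an unrecognisable name is still surfaced for review.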