Conti Ransomware Exploits Log4j

Conti ransomware gang leverages  Log4Shell  exploit to compromise VMware vCenter Server installs. The ransomware group used the exploit to target internal devices that are not protected.

Conti operators run a private Ransomware-as-a-Service (RaaS), the malware appeared in the threat landscape at the end of December 2019 and was distributed through TrickBot infections. Experts speculate the operators are members of a Russia-based cybercrime group known as Wizard Spider.

Recently the Conti gang hit the attack on the Australian energy CS Energy and threaten to leak the stolen files.

Conti ransomware gang started attempting to exploit the Log4Shell issue the day after the disclosure of the exploit. The gang and its affiliates started targeting VMware vCenter servers because the virtualization giant has yet to release a fix for the flaw.

LOG4j Affected Products

• VMware Horizon
• VMware vCenter Server
• VMware HCX
• VMware NSX-T Data Center
• VMware Unified Access Gateway
• VMware WorkspaceOne Access
• VMware Identity Manager 
• VMware vRealize Operations
• VMware vRealize Operations Cloud Proxy
• VMware vRealize Automation
• VMware vRealize Lifecycle Manager
• VMware Site Recovery Manager, vSphere Replication
• VMware Carbon Black Cloud Workload Appliance
• VMware Carbon Black EDR Server
• VMware Tanzu GemFire
• VMware Tanzu GemFire for VMs
• VMware Tanzu Greenplum
• VMware Tanzu Operations Manager
• VMware Tanzu Application Service for VMs
• VMware Tanzu Kubernetes Grid Integrated Edition
• VMware Tanzu Observability by Wavefront Nozzle
• Healthwatch for Tanzu Application Service
• Spring Cloud Services for VMware Tanzu
• Spring Cloud Gateway for VMware Tanzu
• Spring Cloud Gateway for Kubernetes
• API Portal for VMware Tanzu
• Single Sign-On for VMware Tanzu Application Service
• App Metrics
• VMware vCenter Cloud Gateway
• VMware vRealize Orchestrator
• VMware Cloud Foundation
• VMware Workspace ONE Access Connector
• VMware Horizon DaaS
• VMware Horizon Cloud Connector
• VMware NSX Data Center for vSphere
• VMware AppDefense Appliance
• VMware Cloud Director Object Storage Extension
• VMware Telco Cloud Operations
• VMware vRealize Log Insight
• VMware Tanzu Scheduler
• VMware Smart Assurance NCM
• VMware Smart Assurance SAM [Service Assurance Manager]
• VMware Integrated OpenStack
• VMware vRealize Business for Cloud
• VMware vRealize Network Insight
• VMware Cloud Provider Lifecycle Manager 
• VMware SD-WAN VCO
• VMware NSX-T Intelligence Appliance
• VMware Horizon Agents Installer
• VMware Tanzu Observability Proxy