May 31, 2023

An old and relatively inactive ransomware family known as TellYouThePass, now active and deploying it in attacks against Windows and Linux devices targeting a critical remote code execution bug in the Apache Log4j library.

Researchers observing that the ransomware was dropped on old Windows systems using exploits abusing the flaw tracked as CVE-2021-44228 and known as Log4shell. Samples deployed in attacks using Log4shell exploits mostly impacting Chinese targets, according to Curated Intelligence.


The ransomware has a Linux version that harvests SSH keys and moves laterally throughout victims’ networks.

This is not the first time that Tellyouthepass ransomware has used high-risk vulnerabilities to launch attacks. As early as last year, it had used Eternal Blue vulnerabilities to attack multiple organizational units.

According to submission stats to the ID Ransomware service, TellYouThePass ransomware has seen a massive and sudden spike in activity after Log4Shell proof-of-concept exploits were released online.

MITRE ATT&CK Technique

Leave a Reply

%d bloggers like this: