May 31, 2023

An old and relatively inactive ransomware family known as TellYouThePass, now active and deploying it in attacks against Windows and Linux devices targeting a critical remote code execution bug in the Apache Log4j library.

Researchers observing that the ransomware was dropped on old Windows systems using exploits abusing the flaw tracked as CVE-2021-44228 and known as Log4shell. Samples deployed in attacks using Log4shell exploits mostly impacting Chinese targets, according to Curated Intelligence.

Advertisements

The ransomware has a Linux version that harvests SSH keys and moves laterally throughout victims’ networks.

This is not the first time that Tellyouthepass ransomware has used high-risk vulnerabilities to launch attacks. As early as last year, it had used Eternal Blue vulnerabilities to attack multiple organizational units.

According to submission stats to the ID Ransomware service, TellYouThePass ransomware has seen a massive and sudden spike in activity after Log4Shell proof-of-concept exploits were released online.

MITRE ATT&CK Technique

Tags:

Leave a Reply

You may have missed

Mirai Bots Targeting IoT Devices

Mirai Bots Targeting IoT Devices

May 30, 2023
Watering hole attack from Tortoiseshell group

Watering hole attack from Tortoiseshell group

May 29, 2023
New TLD Based Phishing Campaign

New TLD Based Phishing Campaign

May 29, 2023
CrowdStrike strategy dominates MDR Market

CrowdStrike strategy dominates MDR Market

May 28, 2023
TheCyberThrone Security Week In Review–May 27, 2023

TheCyberThrone Security Week In Review–May 27, 2023

May 28, 2023
Zyxel Patches Critical Buffer Overflow Vulnerability

Zyxel Patches Critical Buffer Overflow Vulnerability

May 27, 2023
%d bloggers like this: