New ransomware now being deployed in Log4Shell attacks

The first public instance of the Log4j Log4Shell vulnerability used to download and install ransomware has been identified by researchers. The exploit enables attackers to install various malware, including coin miners, botnets, and Cobalt Strike beacons. Security company BitDefender found the first ransomware being installed directly via Log4Shell exploits. The newly identified ransomware, named “Khonsari”, securely encrypts files and does not provide a method of contact for ransom payment, hinting that it might be a wiper rather than typical ransomware.