Romanian cybersecurity technology company Bitdefender warned on Monday that attempts are being made to target Windows devices with a unique ransomware family called Khonsari, as well as a remote access Trojan dubbed Orcus, by exploiting the newly exposed severe Log4j vulnerability.
The attack makes use of the remote code execution issue to download an extra payload, a .NET binary, from a remote server. The binary encrypts files with the extension “.khonsari” and displays a ransom message urging victims to pay a Bitcoin ransom to regain access to the files.
CVE-2021-44228 is the bug’s official name, although it’s often known as “Log4Shell” or “Logjam.” Put simply, the issue could force an affected system to download malicious software, giving attackers a digital foothold on company systems.
The Apache Software Foundation maintains Log4j, which is an open-source Java library. The tool, which has over 475,000 downloads on GitHub and is widely used for application event logging, is also a part of other frameworks like Elasticsearch, Kafka, and Flink, which are utilised in many major websites and services.
The news comes as the United States’ Cybersecurity and Infrastructure Security Agency (CISA) issued an alert warning of active, widespread exploitation of the flaw, which, if left unaddressed, could grant unrestricted access and unleash a new wave of cyber attacks, as companies scramble to identify and patch vulnerable machines.
“An adversary can exploit this vulnerability by sending a specially crafted request to a vulnerable machine, causing that system to execute arbitrary code,” the NSA said in a statement released Monday. “The attacker can now take complete control of the system thanks to the request. The attacker can then steal data, start ransomware, or engage in other nefarious behaviour.”
In addition, CISA has added the Log4j vulnerability to its Known Exploited Vulnerabilities Catalog, giving government agencies until December 24 to implement remedies. Government agencies in Austria, Canada, New Zealand, and the United Kingdom have all issued similar warnings in the past.