Khonsari Ransomware exploits Log4j's Log4Shell vulnerability to inject a malicious Java class, which in turn downloads the ransomware's .NET executable. The ransomware used someone else's name, Khonsari, as the name of the ransomware, along with someone else's contact information. Therefore, it is unclear whether this Khonsari is the real victim of a ransomware attack or is listed for some other purpose. When referring to the Khonsari family, the extortionists may have been referring to other members of the family, including the famous screenwriter and video game director Khonsari. A Google search shows quite a few people with this last name. Moreover, the file name FecitAntiques.exe indicates a company in Louisiana (USA). It is still unknown whether the company is a victim or otherwise. Encrypted files are appended with the .khonsari ransom extension.
Khonsari Ransomware Signatures
Family: Ransom:MSIL/Khonsari.A
MD5: 6ac57a1e090e7abdb9b7212e058c43c6
SHA256: f2e3f685256e5f31b05fc9f9ca470f527d7fdae28fa3190c8eba179473e20789
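Added example (not part of the original page): a read-only host triage script that walks a directory tree and reports files carrying the .khonsari extension, files named FecitAntiques.exe, and files whose MD5 or SHA256 matches the signatures above. The function names and the grouping of results are assumptions made for this illustration.

```python
import hashlib
import os
import sys

# Indicators copied from the signature list on this page.
KHONSARI_SHA256 = "f2e3f685256e5f31b05fc9f9ca470f527d7fdae28fa3190c8eba179473e20789"
KHONSARI_MD5 = "6ac57a1e090e7abdb9b7212e058c43c6"
RANSOM_EXTENSION = ".khonsari"           # appended to encrypted files
SAMPLE_FILE_NAME = "fecitantiques.exe"   # file name mentioned on this page


def file_digests(path, chunk_size=1 << 20):
    """Return (md5, sha256) hex digests, reading in chunks to bound memory."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def triage(root, sha256_iocs=(KHONSARI_SHA256,), md5_iocs=(KHONSARI_MD5,)):
    """Walk root read-only and group files by the indicator they match."""
    found = {"encrypted": [], "sample_name": [], "sample_hash": [], "unreadable": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            if name.lower().endswith(RANSOM_EXTENSION):
                found["encrypted"].append(path)  # victim data, not hashed
                continue
            if name.lower() == SAMPLE_FILE_NAME:
                found["sample_name"].append(path)  # weak indicator: names change easily
            try:
                md5, sha256 = file_digests(path)
            except OSError:
                found["unreadable"].append(path)  # report it, do not skip silently
                continue
            if sha256 in sha256_iocs or md5 in md5_iocs:
                found["sample_hash"].append(path)
    return found


if __name__ == "__main__":
    # Usage: python triage.py <directory>; prints one "kind<TAB>path" line per finding.
    for kind, paths in triage(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        for path in paths:
            print(f"{kind}\t{path}")
```

A hash match is the strong indicator; a file-name match alone only marks a file for closer inspection.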