icon-logo
  • Ransomware

Khonsari Ransomware

The Khonsari ransomware was the first group to exploit known Apache Log4j vulnerabilities (CVE-2021-44228 and CVE-2021-45046), the group has focused its attacks on Windows servers that have not had Log4j updated.

The group’s first registration occurred in December 2021, which all indicates that the group was created to directly exploit Apache Log4j vulnerabilities, but this may be just the beginning, the group may broaden its scope.

Unlike groups that use RaaS tactics, Khonsari is a closed and exclusive group, which shows that their attacks are targeted at specific companies.

The malware is relatively simple and small, it weighs only 12 KB, this makes it virtually unnoticeable for antivirus, the group acts only with encryption and there is no file theft.

The group uses AES 128 encryption, and interestingly the decryption key is also encrypted, but RSA encryption is used.

The key stays in the ransom note that is opened automatically after encrypting files, the .khonsari extension is added to all encrypted files.

If the note is deleted, the files cannot be decrypted, because the key was deleted along with the note.

If the decryption key is deleted, only a company that specializes in recovering files encrypted by ransomware can recover the files.

The best defense against Khonsari ransomware is to keep Log4j up to date.

Recover Files Encrypted by Khonsari Ransomware

Recovery of files encrypted by Khonsari ransomware is possible even without the decryption key, Digital Recovery is capable of it.

With more than two decades in the data recovery market, we have developed the necessary experience to act in the most drastic data loss scenarios, which today is summed up as data loss by ransomware attack.

We can recover encrypted files on hard drives, SSDs, databases, storages (NAS, DAS, SAN), RAID systems, servers, virtual machines, among others.

All our processes are exclusive and customized for each client, during the whole process the client will be in contact with one of our specialists.

We make available to all our clients the confidentiality agreement (NDA).

Contact us and start the recovery process right now.

Editorial Team

Editorial Team

Team Digital Recovery is composed of data recovery specialists who, in a simple way, aim to bring information about the latest technologies on the market, as well as inform about our ability to act in the most complex data loss scenarios.

Digital Recovery helps companies recover data

TALK TO A SPECIALIST

Check out other posts

We are always online

Please fill out the form, or select your preferred contact method. We will contact you to start recovering your files.

Latest insights from our experts

Recuperar memoria flash

What is Flash Memory?

Since its invention in the 1980s, Flash memory has revolutionized digital data storage. Essential for mobile devices, digital cameras, storage units and more, it combines

READ MORE →
All Variants
Success Cases
Recover Ransomware

Through unique technologies Digital Recovery can bring back encrypted data on any storage device, offering remote solutions anywhere in the world.

Talk to an Expert
Single
Virtual Machine
Storage
Raid System
Special Cases
Database
Tape
Cybersecurity
DIGITAL FORENSIK
4D-Pentest

Discover the invisible vulnerabilities in your IT – with the 4D Pentest from Digital Recovery

Talk to an Expert
Choose your country