Use of Log4j vulnerabilities in ransomware activity

The ACSC expects an increase in ransomware activity using Log4j as an exploit vector. Malicious actors may take advantage of trivial exploits to impact Australian organisations.

Alert status
HIGH

Background / What has happened

The ACSC is aware of reports that ransomware groups, previously responsible for impacting Australian organisations, have been leveraging the Log4j vulnerability. For example, a ransomware profile of Conti is available.

If you were to suffer a ransomware attack, the loss of any data could limit your business's ability to conduct day-to-day activities, damage your reputation and credibility, or cost you customers. While you might think photos and other business documents are most important, it is worth considering other data that is critical to your business operations. If left unfixed, ransomware can cause severe damage. It can hurt your reputation and cost you money.

Mitigation / How do I stay secure?

The ACSC has published specific guidance on mitigating the Log4j vulnerability via an advisory, and information on the risks, impacts and preventative actions associated with ransomware via an additional advisory.

The ACSC continues to monitor the situation and work with our partners. On 23 December 2021 the ACSC released a joint advisory to provide further mitigation guidance on addressing vulnerabilities in the Log4j software library: CVE-2021-44228 (known as “Log4Shell”), CVE-2021-45046, and CVE-2021-45105.

Assistance / Where can I go for help?

The ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ACSC via 1300 CYBER1.
