Tags
Ransomware
Techniques
Vulnerability exploitation
Incidents
RCE Vulnerability in PHP CGI Exploited by TellYouThePass
References
https://www.sentinelone.com/anthology/tellyouthepass/
https://www.crowdstrike.com/blog/tellyouthepass-ransomware-analysis-reveals-modern-reinterpretation-using-golang/
Last edited
Aug 7, 2024 10:39 AM
TellYouThePass is a commodity-level ransomware that first appeared in 2019 and has recently resurfaced, exploiting the Apache Log4j vulnerability (CVE-2021-44228). It targets both businesses and private individuals. The ransomware, written in Go, uses AES-256 and RSA-1024 for file encryption and runs on both Windows and Linux systems. Upon execution, it gathers system information and attempts to terminate processes or services that might interfere with encryption. Unlike many other ransomware operations, TellYouThePass does not maintain a public leak blog or victim data repository.