Aliases: No associated aliases
Microsoft Defender Antivirus detects and removes this threat.
This threat is human-operated ransomware. Khonsari ransomware affects files on drives connected to your device, as well as in certain folders on the C drive, such as Desktop. Files targeted by this ransomware are encrypted and are given a new file extension ending in ".khonsari".
Read the following blogs for more information about Log4Shell:
In addition, the following page provides information on ransomware threats:
There is no one-size-fits-all response if you have been targeted by ransomware. To recover files, you can restore backups. There is no guarantee that paying the ransom will give you access to your files.
To help reduce the impact of this threat, you can:
Microsoft Defender Antivirus detects and remediates files associated with Khonsari ransomware. Microsoft Defender for Endpoint detects behaviors associated with Khonsari pre-ransom activities. Additionally, using Tamper Protection can help defend against turning off security tools. If you have cloud-delivered protection, your device gets the latest defenses against new and unknown threats. If you don't have this feature enabled, update your antimalware definitions and run a full scan to remove this threat.