Recently discovered, the ransomware dubbed Tycoon in reference to its code has been rampant since December 2019. The latter differs from other malware of the same type by the techniques it uses to target its victims.
His discovery was the result of the work of BlackBerry researchers and KPMG cybersecurity analysts. They explain that Tycoon is indeed different from other ransomware in several points. First, it seems that its creators are primarily targeting Windows and Linux machines from organizations in the education and software sectors. Its operation is also unusual since it is written in Java language, it deploys in the same way as a Trojan horse in a Java runtime environment and then takes the form of a Java image file so as not to to be spotted.
An unusual ploy
"Java is very rarely used to write malware on terminals, because it requires the Java runtime environment to be able to execute the code. Image files are rarely used for malware attacks, Éric Milam, vice president of research and intelligence at BlackBerry, told ZDNet. Attackers are turning to unusual programming languages and obscure data formats. Here, the attackers did not have to hide their code to succeed in achieving their objectives. "
Without going into technical details (more information here), once it has infiltrated a system, the ransomware is able to deactivate anti-malware software in order to deploy itself as it wants on the machine. He can thus encrypt the network and the computer files and demand a ransom from his victims in exchange for a decryption key.
The ransom amount varies depending on how quickly the victim makes contact with hackers by email. Payment must be made in bitcoin. However, it is recommended not to give in to pressure from criminals and to contact the police. For the moment, it is difficult to estimate the number of victims of Tycoon.
High-Tech
Hackers behind Shade ransomware apologize, share decryption keys
High-Tech
Phishing: Apple customers are prime targets for hackers
- Computer virus
- Computer science
- Cyber attack
- Personal data
- Phishing
- Linux
- Cybersecurity
- Cybercriminality
- High-Tech
- Windows