A new type of ransomware that targets Windows and Linux computers is attacking companies in the education and software sectors in Europe. The alert was given by BlackBerry, on Thursday (4).
Discovered by the company’s experts, working in partnership with KPMG security analysts, Tycoon ransomware is written in Java and deployed on attacked PCs in the form of a trojanized Java Runtime Environment (JRE), making it difficult to detect by antivirus when compiled. in a Java image file.
Then, the settings for the execution options of this file are stored in the system registry, giving cybercriminals the possibility to disable the anti-malware on the machine, opening the door to the malicious file’s action.
After running Tycoon on Windows or Linux, the ransomware starts to encrypt the files, which get extensions like .grinch, .redrum and .thanos. To release them, hackers require payment in bitcoin, with the amount depending on the speed of the victim’s response.
Attacks started six months ago
This new ransomware was first detected in December 2019 and has since been monitored by BlackBerry. All of this Tycoon action time suggests that attack campaigns are succeeding in demanding the rescue of the files.
The company said that, for now, there are a limited number of victims. Even so, it is necessary to take some precautions to avoid infection, especially with RDP servers facing the internet, the main gateway for malware in the system.
According to the company, accounts that access the doors need to be protected by strong passwords. In addition, computers must be up to date and running security solutions. Another precaution mentioned is that of backing up the network regularly, so that it can be restored without yielding to the requirements of hackers, in the event of data hijacking.
