Ransomware Tycoon: New Threat

June 12th, 2020

What is Ransomware

Ransomware is a type of malware that targets a victim’s files. The malware locks the user out of their data, or steals the files, through the use of encryption. The attacker then threatens to expose the files unless the victim pays a ransom. The most common form of payment is bitcoin. Ransomware is usually delivered by way of phishing attempts. A phishing attempt is an email with malicious links attached, designed to get the victim to click on those links, which unleashes the ransomware onto their files. Once the files are encrypted, it is nearly impossible to regain access to the data without the encryption key held by the attacker.

Attackers have found a way around Windows 10 ransomware protection. A new kind of ransomware known as Tycoon has found a way to target Windows devices. This ransomware uses a Java file format to disguise the malware until it quickly reaches the desired files.

Blackberry Research

An educational institute fell victim to this kind of attack. The institute called in a consulting agency, KPMG, which partners with Blackberry’s security research unit, to investigate the incident. The attack was carried out by hacking into a remote desktop and deploying a backdoor to gain entry to the network. Once they have access through the backdoor, the attackers go into a period of no activity. The period of inactivity can last anywhere from a week to a couple of months. After the period is up, they re-enter through the backdoor and disable any antivirus software to minimize the chance of the attack being detected.
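The pattern described above (remote desktop access, a long quiet period, then antivirus being switched off on the same host) is something a defender can hunt for in logs. The Python below is an added illustration, not code from the Blackberry or KPMG investigation; the log lines and the `timestamp|host|event|detail` layout are constructed stand-ins for whatever a SIEM would export.

```python
"""Correlate remote logons with later antivirus-tampering events on a host.

Added example: flags a host when antivirus protection is turned off at least
`min_dwell` after the first remote desktop logon seen on that host, matching
the dwell-then-disable behaviour described in the write-up. Log format and
event names are assumptions for this example, not a real product's schema.
"""
from datetime import datetime, timedelta

# Constructed sample log: "timestamp|host|event|detail"
SAMPLE_LOG = """\
2019-11-02T21:14:00|lab-ws07|RDP_LOGON|user=svc_backup src=203.0.113.45
2019-11-03T08:00:00|lab-ws07|RDP_LOGON|user=jsmith src=10.0.4.12
2019-12-01T03:05:00|lab-ws07|AV_DISABLED|product=Defender realtime=off
2019-11-20T09:30:00|fin-srv02|AV_DISABLED|product=Defender realtime=off
2019-12-04T12:00:00|lab-ws11|RDP_LOGON|user=jsmith src=10.0.4.12
"""


def parse(log_text):
    """Parse log lines into (timestamp, host, event, detail), oldest first."""
    events = []
    for line in log_text.strip().splitlines():
        ts, host, kind, detail = line.split("|", 3)
        events.append((datetime.fromisoformat(ts), host, kind, detail))
    return sorted(events)


def find_dwell_then_disable(events, min_dwell=timedelta(days=7)):
    """Return (host, first_rdp_ts, disable_ts, dwell) for every AV_DISABLED
    event on a host that saw a remote logon at least min_dwell earlier."""
    first_rdp = {}  # host -> timestamp of earliest remote logon
    alerts = []
    for ts, host, kind, _ in events:
        if kind == "RDP_LOGON":
            first_rdp.setdefault(host, ts)
        elif kind == "AV_DISABLED" and host in first_rdp:
            dwell = ts - first_rdp[host]
            if dwell >= min_dwell:
                alerts.append((host, first_rdp[host], ts, dwell))
    return alerts


if __name__ == "__main__":
    for host, rdp_ts, dis_ts, dwell in find_dwell_then_disable(parse(SAMPLE_LOG)):
        print(f"{host}: remote logon {rdp_ts:%Y-%m-%d}, AV disabled "
              f"{dis_ts:%Y-%m-%d} after {dwell.days} days of apparent inactivity")
```

The host with no prior remote logon (fin-srv02 in the sample) is not flagged by this correlation, but an antivirus-disabled event on its own still deserves its own alert.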

The first detection of the Tycoon ransomware was in December 2019. Tycoon is mostly present on Windows computers, but researchers believe it can also infect Linux systems. The number of victims has been minimal, leading experts to believe this is a particular and targeted attack. Many of the victims are educational and software institutes. Since this type of attack can go undetected so easily, experts assume that the number of victims is higher than recognized. There are some ways to prevent an attack like this from happening.

