Ransomware Tycoon: New Threat

What is Ransomware

Ransomware is a type of malware that targets a victim’s files. The malware locks the user out of their data, or steals the files, through the use of encryption. The attacker then threatens to expose the files unless the victim pays a ransom. The most common form of payment is bitcoin. Ransomware is usually delivered by phishing: an email carrying malicious links or attachments that is designed to get the victim to click, which unleashes the ransomware on their files. Once the files are encrypted, it is nearly impossible to regain access to the data without the encryption key held by the attacker.

Attackers have found a way around Windows 10 ransomware protection. A new kind of ransomware known as Tycoon has found a way to target Windows devices. This ransomware uses a Java file format to disguise the malware so that it can reach the files it wants quickly and without being noticed.

Blackberry Research

An educational institute fell victim to this kind of attack. The institute called in the consulting agency KPMG, which partners with Blackberry’s security research unit, to investigate the incident. The attack was carried out by hacking into a remote desktop and deploying a backdoor to gain entry to the network. Once they had access through the backdoor, the attackers went into a period of no activity. The period of inactivity can last anywhere from a week to a couple of months. After that period, the attacker re-enters through the backdoor and disables any antivirus software to minimize the chance of the attack being detected.

Tycoon was first detected in December 2019. Tycoon is mostly present on Windows computers, but researchers believe it can also infect Linux systems. The number of victims has been minimal, leading experts to believe this is a specific and targeted attack. Many of the victims are educational and software institutes. Since this type of attack can go undetected effortlessly, experts assume that the number of victims is higher than recognized. There are some ways to prevent an attack like this from happening.


Anonymous Cyber Attacks and How They Do It

On May 25th, the country came together under one emotion: rage over the murder of George Floyd on the streets of Minneapolis. The country has experienced an increase in protests, riots, and even cyberattacks. An activist group that routinely appears amidst a scandal is back, Anonymous.

Anonymous is a “decentralized” international activist/hacktivist group that performs cyber-attacks against several different kinds of institutions. The institutions that find themselves victims of these attacks are targets because of their misuse of power.

Latest Anonymous Target

The latest target of infamous Anonymous cyber-attacks happens to be the Minneapolis Police Department. Anonymous released a callout video on social media stating their discontent with the police department and threatened to enact justice and expose the corruption to the world.

Shortly after the video was released, the Minneapolis police department website experienced an outage, and the Chicago police radios streamed NWA’s “F*ck The Police.”

The Anonymous hacks were carried out using a distributed denial-of-service, or DDoS, attack. A DDoS attack is an attempt to disrupt regular traffic by directing a flood of internet traffic at the targeted server, service, or network.

Just like any functioning system, a DDoS attack has several moving parts. Networking and telecommunication systems are built in multiple layers. Each layer has a specific role or function and contributes to the successful operation of the whole system. Different types of DDoS attacks target specific layers to expose and take advantage of their weak spots.


Types of DDoS Attacks

To perform a DDoS attack, the attacker must first gain control of many systems by infecting the devices with malware. The malware turns each device into a bot under the attacker’s control. The collection of infected devices is known as a botnet, and once a botnet forms, directions can be sent to each bot. The bots then flood the target with traffic until it reaches capacity, leaving no room for regular access from normal traffic. There are three kinds of attacks.

Application Layer Attacks

Application layer attacks, or Layer 7 attacks, consist of overwhelming the server with HTTP requests. The attacks target specific applications and do so by identifying vulnerabilities or weak spots and taking advantage of them. Many attacks use hard-to-identify patterns and are monitored and modified by the attacker to cause the maximum amount of damage. Application layer attacks can also take place on a large scale. Because of the size and variety of these attacks, it is almost impossible to maintain a list of known patterns, which makes defending against new attacks difficult.

Protocol Attacks

Protocol attacks, or layer 3 and 4 attacks, target the victim’s infrastructure. They disrupt services by consuming all the available web server capacity or resources such as firewalls or load balancers. One of the most common forms of protocol attack is known as a SYN flood. When a user tries to access a server, a synchronize (SYN) request is sent; the server accepts it by replying with a SYN-ACK message, and the visitor completes the exchange with an ACK, or acknowledgment, which gives them access to the website. A SYN flood attack sends the SYN message but never sends back the final ACK. Without that acknowledgment, the server keeps waiting on each half-open connection while an abundance of new SYN messages keeps arriving. In other words, the overload of new connection requests results in the crashing of the server.
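A defender-side check for the half-open connections a SYN flood leaves behind, added here as an example that is not part of the original post: it parses `ss -tan`-style socket listings (the sample below is constructed, not captured from a real host) and flags local ports where SYN-RECV entries dwarf established ones. The thresholds are assumptions to tune per host.

```python
import re
from collections import Counter

# Constructed sample in the style of `ss -tan` output (not from a real host):
# State, Recv-Q, Send-Q, Local Address:Port, Peer Address:Port
SAMPLE_SS_OUTPUT = """\
State      Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB      0      0      10.0.0.5:443        198.51.100.7:51234
SYN-RECV   0      0      10.0.0.5:443        203.0.113.10:40001
SYN-RECV   0      0      10.0.0.5:443        203.0.113.11:40002
SYN-RECV   0      0      10.0.0.5:443        203.0.113.12:40003
SYN-RECV   0      0      10.0.0.5:443        203.0.113.13:40004
SYN-RECV   0      0      10.0.0.5:443        203.0.113.14:40005
ESTAB      0      0      10.0.0.5:22         198.51.100.9:52000
SYN-RECV   0      0      10.0.0.5:22         203.0.113.20:41000
"""

# state, recv-q, send-q, local addr:port, peer addr:port
LINE_RE = re.compile(r"^(\S+)\s+\d+\s+\d+\s+(\S+):(\d+)\s+(\S+):(\d+)$")


def count_states(ss_output):
    """Return {local_port: Counter({state: n})} from ss-style text."""
    per_port = {}
    for line in ss_output.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header or unparseable line
        state, _laddr, lport, _paddr, _pport = m.groups()
        per_port.setdefault(int(lport), Counter())[state] += 1
    return per_port


def flag_syn_floods(ss_output, min_half_open=5, ratio=2.0):
    """Ports whose half-open (SYN-RECV) count is at least min_half_open
    and at least `ratio` times the established count (assumed thresholds)."""
    flagged = {}
    for port, counts in count_states(ss_output).items():
        half_open = counts.get("SYN-RECV", 0)
        established = counts.get("ESTAB", 0)
        if half_open >= min_half_open and half_open >= ratio * max(established, 1):
            flagged[port] = (half_open, established)
    return flagged


if __name__ == "__main__":
    for port, (half_open, established) in flag_syn_floods(SAMPLE_SS_OUTPUT).items():
        print(f"port {port}: {half_open} half-open vs {established} established")
```

On a live host the same function can be fed the output of `ss -tan` directly; a sustained high ratio on a public port is the signal that SYN cookies or upstream rate limiting should be in place.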

Volumetric Attacks

A volumetric attack is one of the most significant forms of DDoS attack. A volumetric attack works just like it sounds: it creates congestion by using up all the bandwidth between the target and the internet. These attacks often consume more than 100Gbps of bandwidth. The large amount of data congests the target server, which prevents any other user from accessing it. These attacks require the minimum amount of resources and produce the maximum level of damage. The small amount of resources needed to deliver a great outcome is why they are the most widely used form of DDoS attack.

Ways to Mitigate DDoS Attacks

Cyber attacks are increasing every day. Cyber attacks have become one of the biggest threats to businesses and organizations around the world. Check out SonicWall’s 2020 Cyber Threat report here!

The best way to mitigate an attack is to prepare for one. Having the proper security in place always lessens the chance of an attack being successful. The components of a good plan include:

  • A systems checklist
  • A response team
  • Defined notification and escalation procedures
  • A list of internal and external contacts

A multi-level protection strategy should always be in place. For instance, the combination of firewalls, VPNs, anti-spam, content filtering, load balancing, and other layers of protection proactively covers every front possible. Multi-layer security also includes making sure the systems you have in place are up to date. It is effortless to work around an out-of-date system or network.

The most important way to avoid these kinds of attacks is to use the best cybersecurity practices. Engaging in best practices effectively minimizes the risk of attacks. Above all, employers need to educate their employees and build awareness of the best practices. Secure passwords and familiarity with phishing emails are necessary for maximum security efforts.

COVID19 Makes The Remote Workforce More Vulnerable to Cyber Attacks

COVID19 has affected every business across the globe. The U.S. Bureau of Labor Statistics reported that the unemployment rate rose to 14.7 percent in April 2020. Find the report published by the Bureau of Labor Statistics here.

The rise in unemployment is primarily due to many industries having to cease operations altogether. However, some were a bit luckier: businesses that were able to shifted to an entirely remote workforce. This transition happened very quickly and disrupted many standard business procedures. The shift to a remote workforce was intended to be temporary and not expected to last long. However, we may see a remote workforce become the new normal.

Working remotely was an option long before the emergence of COVID19. As a result of improved technology, the mobility of the workforce has increased. With the majority of businesses now having to follow suit due to COVID19, the question arises: is a remote workforce a security threat to business? The short answer is, it does not have to be.

Easy Targets

Remote workers are a natural access point for potential attackers. Many remote workers work on multiple devices, which could be a combination of company-provided devices and personal ones. Shared devices are usually on weak networks and use insecure passwords. Many do not even employ a basic VPN, in turn leaving their whole system vulnerable. Therefore, their devices are not as secure as devices found in corporate offices.

Increased Risks Due to COVID19

In today’s world, the threat landscape is becoming more deceptive. In 2019 alone, there were over 9.9 billion malware attacks. Here are some other risks to be concerned about:

  • Phishing
  • Social Engineering
  • Ransomware
  • Zero-Day Attack

During a major crisis, the number of cyber-attacks generally surges, and that is what is happening during COVID19. The attacks that take advantage of times like these are usually social engineering and phishing. For instance, attackers will send emails with COVID19 headlines or offering “free” services that one may need in a time like this. People often fall for these deceptive headlines and become victims of a cyber attack. It is essential to educate the workforce on how to recognize these attack attempts.

Take Advantage of Cybersecurity

Giving workers the necessary access to security and operational tools will ensure that all proprietary information is secured. Using a secure gateway is an efficient way to protect all correspondence between workers, whether it is voice or web-based.


Remote employees make up the most significant percentage of the workforce today. As a result, the way the world conducts its business is about to see a paradigm shift. Companies cannot expect the remote workforce to bear the entire weight of ensuring the security of their networks. In conclusion, it is a business’s responsibility to protect its more susceptible employees. In doing so, the company itself becomes more secure.


Related Posts
SonicWall, a leader in the security platform category, has published its 2020 Cyber Threat Report, delivering critical threat intelligence to help organizations better understand how cybercriminals think.

Highlights include:

  • Malware, ransomware attack volume down 6% and 9%, due to more targeted attacks
  • Connected-device dependence leads to 5% increase in IoT attacks, over 34 million exposed
  • Over 40 million web app attacks detected, 52% year-over-year increase
  • Encrypted threats up 27%, almost 4 million identified


#CREGSystems is proud to partner with SonicWall to bring you the latest in #CyberSecurity and #Firewall options. Contact us today to learn more about how we can help you mitigate your risks of malware and ransomware attacks!