This new ransomware is targeting Windows and Linux PCs with a 'unique' attack


A newly uncovered form of ransomware is going after Windows and Linux systems in what appears to be a targeted campaign.

Named Tycoon after references in the code, this ransomware has been active since December 2019 and looks to be the work of cyber criminals who are highly selective in their targeting. The malware also uses an uncommon deployment technique which helps it stay hidden on compromised networks.

The main targets of Tycoon are organisations in the education and software industries.

Tycoon has been uncovered and detailed by researchers at BlackBerry working with security analysts at KPMG. It’s an unusual form of ransomware because it’s written in Java, deployed as a trojanised Java Runtime Environment and compiled into a Java image file (Jimage) to hide its malicious intent.

“These are both unique methods. Java is very seldom used to write endpoint malware because it requires the Java Runtime Environment to be able to run the code. Image files are rarely used for malware attacks,” Eric Milam, VP for research and intelligence at BlackBerry told ZDNet.

“Attackers are shifting towards uncommon programming languages and obscure data formats. Here, the attackers did not need to obscure their code and were nonetheless successful in accomplishing their goals,” he added.

However, the first stage of Tycoon ransomware attacks is less uncommon, with the initial intrusion coming via insecure internet-facing RDP servers. This is a common attack vector for malware campaigns and it often exploits servers with weak or previously compromised passwords.


Once inside the network, the attackers maintain persistence through Image File Execution Options (IFEO) injection, a registry mechanism that is more commonly used to give developers the ability to attach a debugger to software. The attackers also use their privileges to disable anti-malware software with ProcessHacker in order to stop their attack being removed.
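Because IFEO is a documented Windows mechanism rather than a bug, the defensive check is simply to look for Debugger values under the Image File Execution Options key, where a production host should normally have none. The script below is an added example, not code from the article, from BlackBerry or from KPMG: it parses the text written by `reg export` for that key and reports every image name that has a Debugger value attached. The registry text it runs over is a constructed sample with placeholder image and debugger names, and the rule that every Debugger entry is worth reviewing is an assumption, not a claim the article makes.

```python
from typing import Dict, List, Tuple

# Constructed sample of a `reg export` of the IFEO key (placeholder names,
# not indicators from the article). Two subkeys carry a Debugger value;
# one carries only an ordinary, unrelated setting.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example-app.exe]
"Debugger"="C:\\ProgramData\\placeholder\\loader.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchost.exe]
"DisableExceptionChainValidation"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\another-app.exe]
"Debugger"="C:\\Windows\\Temp\\placeholder-stub.exe"
'''

IFEO_KEY_NAME = "image file execution options"


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Minimal parser for the text format `reg export` writes.

    Returns {key_path: {value_name: value_data}}. String values of the
    form "Name"="data" are unescaped (reg export doubles backslashes);
    other value types (dword:, hex:) are kept as their raw text.
    """
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        if current is None or "=" not in line:
            continue
        name, _, data = line.partition("=")
        name = name.strip().strip('"')
        data = data.strip()
        if data.startswith('"') and data.endswith('"'):
            data = data[1:-1].replace('\\\\', '\\').replace('\\"', '"')
        keys[current][name] = data
    return keys


def find_ifeo_debuggers(text: str) -> List[Tuple[str, str]]:
    """Return (image_name, debugger_path) for every IFEO subkey with a Debugger value.

    Only subkeys sitting directly under "...\\Image File Execution Options"
    are considered, so unrelated keys in a larger export are ignored.
    """
    hits = []
    for key, values in parse_reg_export(text).items():
        parts = key.split("\\")
        if len(parts) < 2 or parts[-2].lower() != IFEO_KEY_NAME:
            continue
        debugger = next((v for n, v in values.items() if n.lower() == "debugger"), None)
        if debugger:
            hits.append((parts[-1], debugger))
    return sorted(hits)


def report(text: str) -> str:
    """Human-readable summary for a triage ticket."""
    hits = find_ifeo_debuggers(text)
    if not hits:
        return "No IFEO Debugger values found."
    lines = [f"{len(hits)} IFEO Debugger value(s) found; review each:"]
    lines += [f"  {image} -> {debugger}" for image, debugger in hits]
    return "\n".join(lines)


if __name__ == "__main__":
    # On a live host the input would come from
    #   reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" ifeo.reg
    # read with encoding="utf-16", since reg export writes UTF-16LE text.
    print(report(SAMPLE_REG_EXPORT))
```

The parser deliberately keeps only enough of the .reg format to answer one question, so a single unexpected line cannot make the whole check fail silently; anything it does not recognise is skipped, and the Debugger comparison is case-insensitive because registry value names are.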

“Ransomware can be implemented in high-level languages such as Java with no obfuscation and executed in unexpected ways,” said Milam.

After execution, the ransomware encrypts files across the network, giving them extensions including .redrum, .grinch and .thanos, and the attackers demand a ransom in exchange for the decryption key. The attackers ask for payment in bitcoin and claim the price depends on how quickly the victim gets in touch via email.

The fact the campaign is still ongoing suggests that those behind it are finding success extorting payments from victims.

Researchers suggest that Tycoon could potentially be linked to another form of ransomware, Dharma – also known as Crysis – due to similarities in the email addresses, names of encrypted files and the text of the ransom note. 

And while Tycoon does have some unique means of executing an infection, like other forms of ransomware, it’s possible to prevent it from getting that far.

As RDP is a common means of compromise, organisations should ensure that the only ports exposed to the internet are those that are strictly necessary.

Organisations should also make sure that accounts which do need access to these ports aren’t using default credentials or weak passwords which can easily be guessed as a means of breaking in.

Applying security patches when they’re released can also prevent many ransomware attacks, as it stops criminals exploiting known vulnerabilities. Organisations should also ensure they regularly back up their network, and that the backup is reliable, so that if the worst happens, the network can be restored without giving in to the demands of cyber criminals.
