Tycoon: The Ransomware Hits Windows and Linux Servers

Tycoon Ransomware

Recently, a Ransomware developed in Java, named the Tycoon has targeted both Linux and Windows servers. The developers of this ransomware penetrated into a certain organization with the intention to encrypt top-secret files and demand a ransom from the owner 

According to recent reports, Blackberry Research and Team Intelligence with KPMG’s Cyber Response Services have sorted out what really happened regarding the attack of the Tycoon. There has been ongoing research, which will tell us how to combat the ransomware. 

Details of Tycoon, a Ransomware

Developers of Tycoon took advantage of Java’s open-source platform in order to write malicious codes. Furthermore, they also tried to bypass the exposure with the help of an obscure Java image file format which is JIMAGE. It actually stores the JRE (Java Runtime Environment) images that are stored in the JVM (Java Virtual Machine). 

On the very first step, the ransomware enters your system in a zipped format. It is called a Trojanized JRE Build. The build contains the AES-256 Encrypted algorithm in the form of Galois Counter (GC) mode with 16 bytes lengthy authentication. In order to speed up the process, they also use asymmetric RSA algorithms. 

The use of this algorithm requires brilliant computing power. Both Blackberry Research and KPMG’s Cyber Response Services are now witnessing completely new ransomware. The Tycoon is abusing the Java JIMAGE including a customized JRE Build. 

The Phase of Attack 

The developers of Tycoon generally targeted middle-level companies, along with schools, organizations, and other software companies as well. The infection penetrates with the help of RDP (Remote Desktop Protocol). This protocol is used by various organizations in their own intranet for security purposes. 

The attacker connects to the victim systems with the help of the RDP server on the internet. After that, they find an easy target and gather the necessary credentials. When the searching process is done, it disables the security software. Now, the virus continues to move on laterally over the network. After that, when the batch file enters the victim’s system, the attacker runs it and the system gets affected. 

Ideas and Plans to Safeguard: Important Information

Experts are suggesting that people should back up their important data at the end of the day to avoid such attacks. Moreover, every security team of the organizations must choose the pattern of signature behavioural analytics including machine learning. In addition to that, they must keep a strong R&D team behind it. 

They must back up all the vital information in a cyber hygienic way in external storage devices. Furthermore, they can also add another security layer in their own cloud storage to stop unauthorized encryption.