The Tycoon virus encrypts data on the victim’s computer and demands a ransom for its return. For a long time, the malware managed to bypass anti-virus programs and go unnoticed on the network.
Specialists have identified a new ransomware virus, Tycoon, that manages to bypass antivirus software and go unnoticed for a long time. This was reported by the press service of BlackBerry.
It is noted that the ransomware uses a little-known Java file format so that it can penetrate systems unnoticed. Specialists discovered Tycoon while working on data recovery at an educational institution in Europe that had been hit by a cyber attack.
The company notes that the attack begins in a standard way: the initial compromise comes through insecure RDP servers that are “visible” from the Internet. After that the process changes: the attackers use IFEO (Image File Execution Options) injection to maintain a persistent presence in the system, launch a backdoor with OSK (the Windows On-Screen Keyboard), and disable anti-virus programs using ProcessHacker.
Having gained a foothold in the company’s network, attackers launch a ransomware module in Java that encrypts all file servers connected to the network, including backup systems.
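For defenders, the IFEO persistence step described above leaves a registry trace: a `Debugger` value under an Image File Execution Options subkey. The following check is an added example, not code from BlackBerry's report; it assumes the text was saved from `reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" /s`, and the list of accessibility programs beyond OSK and the sample data are assumptions constructed for illustration.

```python
import re

# Matches both the native and the WOW6432Node copy of the IFEO key.
IFEO = "\\image file execution options\\"
# Assumption: accessibility programs startable from the logon screen (the article names only OSK).
ACCESSIBILITY = {"osk.exe", "sethc.exe", "utilman.exe", "magnify.exe",
                 "narrator.exe", "displayswitch.exe", "atbroker.exe"}
VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$")

def find_ifeo_debuggers(reg_query_output):
    """Return one finding per IFEO image subkey that sets a Debugger value."""
    findings, image = [], None
    for line in reg_query_output.splitlines():
        if line.startswith("HKEY_"):
            # Key line: keep the image name only for direct IFEO subkeys.
            _, sep, tail = line.lower().partition(IFEO)
            tail = tail.strip()
            image = tail if sep and tail and "\\" not in tail else None
            continue
        m = VALUE_LINE.match(line)
        if image and m and m.group(1).lower() == "debugger":
            findings.append({
                "image": image,
                "debugger": m.group(3).strip(),
                # A Debugger on an accessibility binary is rarely legitimate.
                "severity": "high" if image in ACCESSIBILITY else "review",
            })
    return findings

# Constructed sample in `reg query /s` layout; paths are placeholders.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\osk.exe
    Debugger    REG_SZ    C:\ProgramData\placeholder.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
    Debugger    REG_SZ    "C:\Tools\procexp64.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe
    MitigationOptions    REG_BINARY    0000000000000100
"""

if __name__ == "__main__":
    for f in find_ifeo_debuggers(SAMPLE):
        print(f["severity"], f["image"], "->", f["debugger"])
```

Entries marked `review` still need a look: some administrators set a `Debugger` value deliberately, for example to replace Task Manager with another tool.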
It is noted that ransomware operators, as a rule, use strong encryption algorithms and demand the ransom in cryptocurrency. For most victims, the only options are to hope that they have a backup or to pay the ransom. However, law enforcement officers ask victims not to pay ransomware operators.
Recall that last year a dangerous ransomware virus, Djvu, was discovered on Windows.
It was also reported that a new data-stealing virus was found that attacks Android devices and begins to control them remotely.