A new human-operated ransomware strain has been deployed in highly targeted attacks against small to medium size organizations in the software and education industries since at least December 2019.

The ransomware, dubbed Tycoon by security researchers with BlackBerry Threat Intelligence and KPMG, is a multi-platform Java-based malware that can be used to encrypt both Windows and Linux devices.

Tycoon is manually deployed by its operators in the form of a "ZIP archive containing a Trojanized Java Runtime Environment (JRE) build" after they infiltrate their victims' networks using vulnerable and Internet-exposed RDP servers as a stepping stone.

While Tycoon has been used in the wild for at least the last six months, it is apparently being used only in highly targeted attacks, given the limited number of victims so far.