New Tycoon ransomware targets both Windows and Linux systems

[correlate]

A new human-operated ransomware strain has been deployed in highly targeted attacks targeting small to medium-sized organizations in the software and education industries since at least December 2019.

The ransomware, dubbed Tycoon by security researchers with BlackBerry Threat Intelligence and KPMG, is a multi-platform Java-based malware that can be used to encrypt both Windows and Linux devices.

Tycoon is manually deployed by its operators in the form of a "ZIP archive containing a Trojanized Java Runtime Environment (JRE) build" after they infiltrate their victims' networks using vulnerable and Internet-exposed RDP servers as a stepping stone.

While Tycoon has been used in the wild for at least the last six months, it is apparently being used in highly targeted attacks given the limited number of victims so far.
 
