Named Tycoon after references in the code, this
ransomware has been active since December 2019 and looks to be the work of
cyber criminals who are highly selective in their targeting. The malware also
uses an uncommon deployment technique that helps stay hidden on compromised
networks.
Tycoon is a multi-platform Java ransomware targeting Windows® and Linux® that
has been observed in-the-wild since at least December 2019[1].
It is deployed in the form of a Trojanized Java Runtime Environment (JRE) and
leverages an obscure Java image format to fly under the radar.
The threat actors behind Tycoon were observed using highly targeted delivery
mechanisms to infiltrate small to medium sized companies and institutions in
education and software industries, where they would proceed to encrypt file
servers and demand a ransom. However, due to the reuse of a common RSA private
key it may be possible to recover data without the need for payment in earlier
variants.
To read
more go here
