www.itfunk.orgwww.itfunk.orgwww.itfunk.org
  • Home
  • Tech News
    Tech NewsShow More
    The Hidden Sabotage: How Malicious Go Modules Quietly Crashed Linux Systems
    6 Min Read
    Agentic AI: The Next Frontier in Cybersecurity Defense and Risk​
    5 Min Read
    Cybersecurity CEO Arrested for Allegedly Installing Malware on Hospital Computers: A Stark Reminder of Insider Threats
    8 Min Read
    Cybercriminals Hijack Google’s Reputation
    7 Min Read
    Apple and Google Join Forces to Patch Actively Exploited Zero-Day Vulnerabilities in iOS and macOS
    5 Min Read
  • Cyber Threats
    • Malware
    • Ransomware
    • Trojans
    • Adware
    • Browser Hijackers
    • Mac Malware
    • Android Threats
    • iPhone Threats
    • Potentially Unwanted Programs (PUPs)
    • Online Scams
  • How To Guides
    How To GuidesShow More
    Nviqri Someq Utils Unwanted Application
    4 Min Read
    How to Deal With Rbx.fund Scam
    4 Min Read
    How to Jailbreak DeepSeek: Unlocking AI Without Restrictions
    4 Min Read
    Why Streaming Services Geo-Restrict Content?
    10 Min Read
    Anonymous France Ransomware: A Comprehensive Guide
    9 Min Read
  • Product Reviews
    • Hardware
    • Software
  • IT/Cybersecurity Best Practices
    IT/Cybersecurity Best PracticesShow More
    Affordable Endpoint Protection Platforms (EPP) for Small Businesses
    5 Min Read
    Outlaw Malware: A Persistent Threat Exploiting Linux Servers
    4 Min Read
    CVE-2024-48248: Critical NAKIVO Backup & Replication Flaw Actively Exploited—Patch Immediately
    6 Min Read
    How to Jailbreak DeepSeek: Unlocking AI Without Restrictions
    4 Min Read
    Microsoft Patches Critical Security Flaws in Azure AI Face Service and Microsoft Account
    5 Min Read
  • FREE SCAN
  • Cybersecurity for Business
Search
  • ABOUT US
  • TERMS AND SERVICES
  • SITEMAP
  • CONTACT US
© 2023 ITFunk.org. All Rights Reserved.
Reading: Tycoon Ransomware: A Comprehensive Overview of the Threat
Share
Notification Show More
Font ResizerAa
www.itfunk.orgwww.itfunk.org
Font ResizerAa
  • Tech News
  • How To Guides
  • Cyber Threats
  • Product Reviews
  • Cybersecurity for Business
  • Free Scan
Search
  • Home
  • Tech News
  • Cyber Threats
    • Malware
    • Ransomware
    • Trojans
    • Adware
    • Browser Hijackers
    • Mac Malware
    • Android Threats
    • iPhone Threats
    • Potentially Unwanted Programs (PUPs)
    • Online Scams
  • How To Guides
  • Product Reviews
    • Hardware
    • Software
  • IT/Cybersecurity Best Practices
  • Cybersecurity for Business
  • FREE SCAN
Follow US
  • ABOUT US
  • TERMS AND SERVICES
  • SITEMAP
  • CONTACT US
© 2023 ITFunk.org All Rights Reserved.
www.itfunk.org > Blog > Cyber Threats > Ransomware > Tycoon Ransomware: A Comprehensive Overview of the Threat
RansomwareTech News

Tycoon Ransomware: A Comprehensive Overview of the Threat

ITFunk Research
Last updated: October 25, 2023 5:28 pm
ITFunk Research
Share
Tycoon Ransomware: What is it?
SHARE

Recent reports show another ransomware going after PC’s loaded with the Windows and Linux operating systems in what appears to be a targeted campaign.

The ransomware is named Tycoon, as a reference to portions of its code, and has been active since December of 2019 and looks to be the work of highly selective cybercriminals in terms of who they are targeting. This malware also uses an uncommon deployment technique that helps stay hidden on compromised computers.

Tycoon Utilizes Java Code 

Tycoon was uncovered by researchers at BlackBerry and analysts at KPMG. It’s an unusual form of ransomware because it’s written in Java, deployed as a trojanized Java Runtime Environment and is compiled in a Java image file to hide its malicious intentions.

“These are both unique methods. Java is very seldom used to write endpoint malware because it requires the Java Runtime Environment to be able to run the code. Image files are rarely used for malware attacks,” Eric Milam, VP for research and intelligence at BlackBerry, told website ZDNet.

“Attackers are shifting towards uncommon programming languages and obscure data formats. Here, the attackers did not need to obscure their code but were nonetheless successful in accomplishing their goals,” he added.

The first stage of Tycoon ransomware attacks comes via insecure internet-facing RDP servers. This is also a common attack technique for malware campaigns, and it often exploits servers with weak passwords.

After infiltration, the attackers use Image File Execution Options injection settings that more often provide developers with the ability to debug software. The attackers exploit privileges to disable anti-malware software using ProcessHacker to prevent the removal of Tycoon.

“Ransomware can be implemented in high-level languages such as Java with no obfuscation and executed in unexpected ways,” said Milam.

After the Tycoon files are run, the ransomware encrypts files that are given extensions including .redrum, .grinch and .thanos – and the attackers demand a ransom in exchange for the decryption key. Payment is requested in bitcoin, and the price depends on how quickly the victim gets in touch via email.

Researchers believe that Tycoon is linked to another form of ransomware, Dharma – also known as Crysis – due to similarities in the names of encrypted files, email addresses, and the content of the ransom note.

As RDP becomes a more common means of compromise, organizations should ensure that the only ports facing outward to the Internet are those that require it as an absolute necessity.

Entities should also ensure that accounts that do need access to these ports do not use default credentials or weak passwords that can be cracked easily.

Lastly, applying security patches when they’re released can also prevent many ransomware attacks. Companies should also regularly backup their network so that if the worst happens and they are infected with Tycoon, the network can be restored without giving into the demands of cybercriminals.

You Might Also Like

GovCrypt Ransomware
BackLock Ransomware (.backlock)
ITSA Ransomware
RALEIGHRAD Ransomware
LegionRoot Ransomware
TAGGED:RansomwareTycoon

Sign Up For Daily Newsletter

Be keep up! Get the latest breaking news delivered straight to your inbox.
By signing up, you agree to our Terms of Use and acknowledge the data practices in our Privacy Policy. You may unsubscribe at any time.
Share This Article
Facebook Copy Link Print
Share
Previous Article phishing email ITFunk Archives: Fake Resume Email Scam
Next Article RANSOMWARE Sarwent Malware: Unmasking the Threat
Leave a Comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Think You're Infected? Let's Find Out – FAST.
SpyHunter identifies viruses, ransomware, and hidden threats in under a minute.
🛡️ Scan Your Device for Free
✅ Free Scan Available • ⭐ Catches malware instantly
//

Check in Daily for the best technology and Cybersecurity based content on the internet.

Quick Link

  • ABOUT US
  • TERMS AND SERVICES
  • SITEMAP
  • CONTACT US

Support

Sign Up for Our Newesletter

Subscribe to our newsletter to get our newest articles instantly!

 

www.itfunk.orgwww.itfunk.org
© 2023 www.itfunk.org. All Rights Reserved.
  • ABOUT US
  • TERMS AND SERVICES
  • SITEMAP
  • CONTACT US
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?