"New 'Tycoon' Ransomware Strain Targets Windows, Linux"
Researchers from BlackBerry and KPMG have reported a newly discovered form of Java-based ransomware called Tycoon. Tycoon is deployed as a Trojanized Java Runtime Environment (JRE) and is compiled into a Java image file (JIMAGE). This makes it harder to detect, because antivirus software usually does not parse JIMAGE files, so activity involving these files often goes unquestioned. Tycoon targets both Windows and Linux machines: the malicious JRE build contains Windows and Linux versions of a shell script that sets off the ransomware when executed. Tycoon appears to overlap with the Dharma/CrySIS ransomware, based on the email addresses, the ransom note text, and the naming of encrypted files. This article continues to discuss findings surrounding Tycoon ransomware concerning its distribution and similarity with Dharma/CrySIS ransomware, as well as the observed growth in Java-based ransomware.
Dark Reading reports "New 'Tycoon' Ransomware Strain Targets Windows, Linux"