With digital platforms on a growth spree, cyber attackers are targeting them with various forms of malware and phishing tactics. Various security firms have already shared details; in fact, Microsoft shared a report on how COVID-19 was becoming a hot subject for attackers to prey on their victims. And now a new report brings more concerns for institutions that are adopting digital measures.
The ransomware is called Tycoon, and it was discovered by security experts at BlackBerry. The company has been quoted by ZDNet in its report, which says this is a unique form of attack, since the trojan ransomware has been written in Java by the perpetrator. It says Tycoon seems to have been active since December 2019 and has been designed by cyber thieves who’re specifically targeting individuals or groups.
The report points out that the ransomware stays hidden and has been deployed as a trojanised Java Runtime Environment in a Java image file, which makes it hard for the system and its security solutions to detect. The experts are bewildered by the use of Java to deliver the malware to the system, especially since the language is more or less becoming redundant for digital specialists nowadays.
The specialists further detail how Tycoon uses a sophisticated mechanism to penetrate a system via the software installed on it. If and when the attackers manage to execute the ransomware and Tycoon becomes active inside the system, they can remotely block the company’s access to it. The company’s best bet is then to pay the ransom demand, after which the criminals will offer it the chance to take back control by passing on the decryption keys to the victim.
The best way for companies to prevent such attacks from making an impact is to secure their network servers and make sure the access ports are only available to the select people who really need them to operate the network. More importantly, organisations should take backups of their network, which makes sure the attackers don’t have access to data that’s solely residing on the network.