An Interest In:
Web News this Week
- April 2, 2024
- April 1, 2024
- March 31, 2024
- March 30, 2024
- March 29, 2024
- March 28, 2024
- March 27, 2024
June 7, 2020 01:34 am
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/EVTGR0WX10o/new-java-based-ransomware-targets-linux-and-windows-systems
New Java-Based Ransomware Targets Linux and Windows Systems
"A newly uncovered form of ransomware is going after Windows and Linux systems," reports ZDNet, "in what appears to be a targeted campaign."Named Tycoon after references in the code, this ransomware has been active since December 2019 and looks to be the work of cyber criminals who are highly selective in their targeting. The malware also uses an uncommon deployment technique that helps stay hidden on compromised networks. The main targets of Tycoon are organisations in the education and software industries. Tycoon has been uncovered and detailed by researchers at BlackBerry working with security analysts at KPMG. It's an unusual form of ransomware because it's written in Java, deployed as a trojanised Java Runtime Environment and is compiled in a Java image file (Jimage) to hide the malicious intentions... [T]he first stage of Tycoon ransomware attacks is less uncommon, with the initial intrusion coming via insecure internet-facing Remote Desktop Protocol servers. This is a common attack vector for malware campaigns and it often exploits servers with weak or previously compromised passwords. Once inside the network, the attackers maintain persistence by using Image File Execution Options (IFEO) injection settings that more often provide developers with the ability to debug software. The attackers also use privileges to disable anti-malware software using ProcessHacker in order to stop removal of their attack... After execution, the ransomware encrypts the network with files encrypted by Tycoon given extensions including .redrum, .grinch and .thanos — and the attackers demand a ransom in exchange for the decryption key. The attackers ask for payment in bitcoin and claim the price depends on how quickly the victim gets in touch via email. The fact the campaign is still ongoing suggests that those behind it are finding success extorting payments from victims.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/EVTGR0WX10o/new-java-based-ransomware-targets-linux-and-windows-systems
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot