A new variant of ransomware named ‘Tycoon’ has been discovered by cybersecurity researchers at the security analysis firm KPMG. They say the newly discovered malware, which targets Windows and Linux PCs, tends to remain hidden for months and can disable all noted anti-malware software.
KPMG researchers say that the main targets of the Tycoon malware are organizations linked to the education and software industries. The firm made the discovery in association with BlackBerry’s cybersecurity research team.
Tycoon ransomware was first discovered in May this year, when a technical team from KPMG started investigating a cyber attack launched on an educational institute operating in Europe.
BlackBerry’s security experts then analyzed the malware and made it public on Thursday, disclosing that the newly found malware targets Java file formats before it unleashes its payload, which locks up files and folders.
What is striking about the newly discovered Tycoon ransomware is that it was introduced into the network using just a remote desktop server connected to the web, via a Java image file format. After deploying a persistent backdoor and staying dormant for a while, the hackers spreading the malware were seen re-entering the network after disabling the anti-malware services, spreading ransomware across the network and holding data hostage until a ransom is paid.
Because a folder found on the infected system contained decompiled code named Tycoon, researchers from BlackBerry gave the malware that name. They have confirmed that the file-encrypting malware uses an off-the-shelf encryption algorithm to lock down files on computers running the Microsoft Windows and Linux operating systems.