A New Free Ransomware Decryptor Introduced
A ransomware known as Tycoon was discovered by security researchers from the BlackBerry’s security unit and it utilizes a little-known Java file format that makes its detection more difficult prior to detonating its file-encrypting payload. The aim of the ransomware’s operators is to request a ransom in cryptocurrency after the successful attack.
However, a solution has been provided as Emsisoft introduced a free tool for decrypting files impacted by a variant of the Tycoon ransomware attack.
The free tool for decryption was released by Malware lab, Emsisoft, on June 4 and it helps with the recovery of files encrypted by Tycoon ransomware attacks without the need to pay the ransom.
The researchers initially discovered the ransomware, noting in TechCrunch that the ransomware utilizes a Java file format:
“The researchers said it was the first time they’ve seen a ransomware module compiled into a Java image file format, or JIMAGE. These files contain all the components needed for the code to run — a bit like a Java application — but are rarely scanned by anti-malware engines and can go largely undetected.”
The ransomware was called Tycoon by BlackBerry as a reference to a folder name found in the decompiled code. According to the researchers, the module had code allowing the ransomware to run on both Windows and Linux computers.
The researchers noted that those who operate ransomware generally utilize powerful, off-the-shelf encryption algorithms for scrambling victims’ files and receive a ransom, usually demanded in cryptocurrency. However, victims who have backup ignore the demand for a ransom and even the FBI discouraged victims from paying the ransom a long time ago.
In recent times, it was discovered that the ransomware majorly infects academic institutions and software houses. The researchers believe that more systems have been infected compared with the stated number.
More recent versions of Tycoon ransomware have been enhancing its attack power, said the researchers. In the past, it was possible to use decryption tools to recover files for several victims, but not anymore.