How Does Tycoon Ransomware Target Windows and Linux PCs in 2020?

Is Ransomware Still a Threat to Windows and Linux Users?

Ransomware attacks have been a major problem in the cyber-security sector for the last couple of years. Because of the heavy use of the internet around the world on all kinds of devices, including smartphones, laptops, and desktop computers, people handle huge amounts of data online every day. That data ranges from professional to personal information and includes important personal documents, files, images, and folders. So if you or your system falls into a ransomware trap, the consequences can take many forms.


Many people think that using a Linux-based OS makes their system virtually invulnerable to any kind of virus attack, but in reality that is not true in all cases. There have been many cases where Linux users got their systems infected with a virus, and there are even new types of ransomware that can infect and take control of a well-protected Linux PC. Of course, this new kind of ransomware poses a serious security risk for Windows PCs too.

What Is the New Ransomware Creating a Pandemic in Cyber-Security?

There is a new ransomware called Tycoon, spotted and named by BlackBerry Research and the KPMG Cyber Cell. According to the researchers, this ransomware is being targeted at SMBs in the IT and online education industries. What makes Tycoon dangerous is its ability to target both Windows and Linux systems.

Tycoon Ransomware Targets Windows and Linux PC
Image source – BlackBerry Research and KPMG Cyber Cell

All about Tycoon Ransomware

  • Tycoon is manually deployed malware that mainly targets individual systems and systems connecting to an RDP server.
  • Tycoon can detect and identify potential targets and gather admin or login credentials with the help of other third-party malware bundled as a package. Once it has the credentials, the target systems are infiltrated or illegally accessed, and Tycoon disables the active antivirus application on the system. After that, it installs the ProcessHacker utility as a hacker-as-a-service tool.
  • Then, when executed at the next reboot, it masquerades as a “Java Runtime Environment” file in Trojan form, so the malware evades detection by piggy-backing on an obscure Java image format. An IFEO (Image File Execution Options) injection is then stored in the Windows Registry; this enables a developer feature that lets developers debug their application by launching the just-saved file whenever the target application executes. Thus the malware gains control over the system on behalf of the “developers”.
  • The rest is like any other ransomware attack: the malware encrypts the file servers and the files on them and demands a ransom from the user of that system.
  • BlackBerry researchers reported that the JRE build they detected contains both Windows and Linux versions of the IFEO (Image File Execution Options) settings. This implies the attackers can attack a variety of Windows- and Linux-based systems using the same virus.
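The IFEO persistence described above works through a `Debugger` value under the Image File Execution Options registry key, which makes Windows start the named "debugger" whenever the listed executable is launched. As an added example (not code from the article or from the BlackBerry/KPMG researchers), the read-only PowerShell audit below lists every such entry on a host and flags anything that is not on an allowlist; the `$KnownDebuggers` allowlist, the function names and the `Suspicious` heuristic are my assumptions, not part of the original report.

```powershell
# Added example, not from the article or from BlackBerry/KPMG.
# Audits the IFEO hive for "Debugger" values: when present, Windows launches the
# named program instead of (or wrapped around) the target executable.
# Read-only; nothing in the registry is modified.

$IfeoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

# Debugger entries commonly present on developer workstations.
# Assumed allowlist; extend it for your own estate.
$KnownDebuggers = @('vsjitdebugger.exe')

function Get-DebuggerExecutable {
    # Extract the executable path from a Debugger value such as
    #   "C:\Program Files\x\y.exe" -p %ld      or      C:\tools\z.exe -arg
    param([string]$DebuggerValue)
    if ($DebuggerValue -match '^"([^"]+)"') { return $Matches[1] }
    return ($DebuggerValue -split '\s+', 2)[0]
}

function Get-IfeoDebuggerEntries {
    param([string]$Root = $IfeoRoot)

    Get-ChildItem -LiteralPath $Root -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue
        if ($null -ne $props -and $props.PSObject.Properties.Name -contains 'Debugger') {
            $exe  = Get-DebuggerExecutable -DebuggerValue $props.Debugger
            $leaf = if ($exe) { [System.IO.Path]::GetFileName($exe) } else { '' }
            [pscustomobject]@{
                HijackedExe  = $_.PSChildName      # executable whose launch is intercepted
                Debugger     = $props.Debugger     # full value as stored in the registry
                DebuggerPath = $exe
                OnDisk       = if ($exe) { Test-Path -LiteralPath $exe } else { $false }
                Suspicious   = -not ($KnownDebuggers -contains $leaf)
            }
        }
    }
}

# Report: anything not on the allowlist deserves a look, especially a debugger
# that lives outside Program Files / Windows or that no longer exists on disk.
Get-IfeoDebuggerEntries | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so every subkey is readable; the script only reports, and any entry it flags should be checked against change records before it is removed, since legitimate tooling also uses this key.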

Wrapping Up

So if you think that the latest antivirus installed on your system, or your use of a Linux platform, can save you from these ransomware attackers even in 2020, you are utterly wrong.

Always remember that as technology progresses, techno-criminals advance with it. Malware writers and virus programmers look for new ways every day to fly under the radar. The old, conventional forms of cyber attack are becoming obsolete day by day, as your antivirus app is already equipped to deal with them. Modern-day hackers are looking for new ways to exploit the vulnerabilities in your system and OS platform.

According to reports and stats, the Tycoon ransomware has been active since the beginning of 2020. Although only a very limited number of victims have been registered so far, the virus still looms like Covid-19 with no cure for it. So stay safe, and keep your systems safe.