
Emsisoft has launched a free tool that decrypts files affected by one variant of the Tycoon ransomware.
The malware lab Emsisoft released the free decryptor on June 4. The tool lets victims recover files encrypted by Tycoon ransomware without paying the ransom.
Researchers from BlackBerry’s security unit first discovered the ransomware. They told TechCrunch that Tycoon is packaged in a Java file format to make it harder to detect before its file-encrypting payload is deployed.
How does Tycoon work?
Speaking with Cointelegraph, Brett Callow, threat analyst of Emsisoft, said:
“Tycoon is a Java-based, human-operated ransomware that appears to specifically target smaller enterprises and is typically deployed via an attack on RDP. Java-based ransomware is unusual, but certainly not unique. Microsoft warned about another Java-based ransomware strain, PonyFinal, last month.”
Callow also spelled out the limitations of the free tool, “Emsisoft Decryptor for RedRum”:
“(…) the tool only works for files encrypted by the original Tycoon variant, not for files encrypted by any subsequent variants. This means it will work for files that have a .RedRum extension, but not for files with .grinch or .thanos extension. Unfortunately, the only way to recover files with those latter extensions is to pay the ransom.”
A multi-OS ransomware
BlackBerry’s researchers noted that Tycoon ransomware can run on both Windows and Linux computers, and on both it demands payment in cryptocurrency such as Bitcoin (BTC).
The latest findings show that Tycoon infections mostly target educational institutions and software houses. Researchers from BlackBerry believe that the actual number of infections “is likely far higher.”
They also warn that newer versions of Tycoon have become more capable. Previously, decryption tools could be used to recover files for multiple victims, but that is no longer possible.
On June 3, ElevenPaths, the specialized cybersecurity unit of the Spanish telecommunications conglomerate Telefonica, released a free tool called “VCrypt Decryptor”. The tool aims to recover data encrypted by the VCryptor ransomware, as part of the international “No More Ransomware” initiative.
Source: CoinTelegraph

