A newly uncovered ransomware strain hides inside a relatively obscure Java file format, which lets it slip past defenses that are not looking for it.
Security researchers have found yet another ransomware strain. This time, though, it is packaged in an esoteric Java file format: the Java image (JIMAGE) format that the Java runtime uses to store its own modules, which most security tools do not inspect. That packaging helps it evade detection for long enough to detonate its file-encrypting payload. BlackBerry's research team, working with consulting firm KPMG's incident responders, investigated the threat.
New Windows and Linux Java-Based Ransomware Discovered
This malware first surfaced at an unnamed European educational institution. BlackBerry's researchers state that the attackers used an internet-facing remote desktop server to break into the institution's network. They then planted a persistent backdoor so they could regain access at a later date.
The attackers waited several days before returning, a pause that makes the follow-on activity harder to tie back to the initial break-in. They then re-entered the network through the persistent backdoor, disabled the anti-malware software on the machines they reached, spread the ransomware across the network, detonated the payload, and encrypted the victim's files. The intruders then held those files for ransom.
The team at BlackBerry named the ransomware "Tycoon," after a folder name found in the decompiled code. The researchers note that because the malware is written in Java and runs on the Java runtime, the same code can execute on both Windows and Linux machines.