The new virus attacks user data and demands money to unlock it.
The ransomware, named Tycoon, may remain invisible to antivirus software for a long time, BlackBerry reports.
To remain invisible, the virus uses Java files for encryption.
Specialists discovered Tycoon while working on data recovery at an educational institution in Europe that had suffered a cyberattack.
The virus gets onto machines through insecure RDP servers that are reachable from the Internet.
Attackers use IFEO (Image File Execution Options) injection to maintain a persistent presence in the system, launch a backdoor with the On-Screen Keyboard (OSK), and disable antivirus programs using ProcessHacker.
Having gained a foothold in the company’s network, the attackers launch a Java ransomware module that encrypts all file servers connected to the network, including backup systems.
Ransomware operators, as a rule, use strong encryption algorithms and demand ransom in cryptocurrency. For most victims, the only options are to hope they have a backup or to pay the ransom.
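The IFEO persistence on OSK described above can be audited by listing every `Debugger` value under the Image File Execution Options key. The following is an added example, not code from BlackBerry's report: it parses `reg query ... /s` output, and the sample output, its paths and the list of accessibility programs other than `osk.exe` are constructed assumptions.

```python
import re

IFEO = r"\image file execution options" + "\\"
# Accessibility programs that can be started from the Windows logon screen.
# Only osk.exe is named in the article; the rest are an assumption added here.
ACCESSIBILITY = {"osk.exe", "sethc.exe", "utilman.exe", "magnify.exe",
                 "narrator.exe", "displayswitch.exe", "atbroker.exe"}

# Constructed sample of:
#   reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" /s
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\osk.exe
    Debugger    REG_SZ    C:\Users\Public\example-backdoor.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\devenv.exe
    Debugger    REG_SZ    "C:\Tools\vsjitdebugger.exe" -p

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe
    MitigationOptions    REG_BINARY    0000000000010000
"""

def find_ifeo_debuggers(reg_output):
    """Return (image, debugger_command, severity) for every IFEO Debugger value."""
    findings, image = [], None
    for line in reg_output.splitlines():
        if line.upper().startswith("HKEY_"):
            low = line.strip().lower()
            pos = low.rfind(IFEO)
            # First path component under the IFEO key is the hijacked image name;
            # this also covers the WOW6432Node copy and nested filter subkeys.
            image = low[pos + len(IFEO):].split("\\")[0] if pos != -1 else None
            continue
        m = re.match(r"\s+(\S+)\s+(REG_\w+)\s+(.*)$", line)
        if m and image and m.group(1).lower() == "debugger":
            # A debugger on an accessibility binary runs instead of that binary,
            # including from the logon screen, so rank it above other entries.
            severity = "high" if image in ACCESSIBILITY else "review"
            findings.append((image, m.group(3).strip(), severity))
    return findings

if __name__ == "__main__":
    for image, command, severity in find_ifeo_debuggers(SAMPLE):
        print(f"[{severity}] {image} -> {command}")
```

Entries marked `review` are often legitimate developer tooling, so compare them against a known-good baseline for the host before acting on them.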