A new dangerous virus has appeared on the Internet

11 months ago

The new virus attacks user data and demands money to unlock it.

The ransomware, which has been named Tycoon, can remain undetected by antivirus software for a long time, BlackBerry reports.

To remain undetected, the virus uses Java files for encryption.

Specialists discovered Tycoon while working on data recovery at an educational institution in Europe that had suffered a cyberattack.

The virus gets into systems through insecure RDP servers that are reachable from the Internet.

Attackers use IFEO (Image File Execution Options) injection to maintain persistence on the system, launch a backdoor with the Windows On-Screen Keyboard (OSK), and disable antivirus programs using ProcessHacker.
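
A defender can audit for the IFEO persistence described above by looking for `Debugger` values under the Image File Execution Options registry key. The following is an added example, not code from the article or from BlackBerry: it assumes the text output of `reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" /s` has been saved, the sample lines are constructed, and the list of accessibility binaries beyond `osk.exe` is a generalization.

```python
import re

IFEO_MARKER = "\\image file execution options\\"
# osk.exe is the binary the article names; the others are the same class of
# logon-screen accessibility programs (a generalization added here).
ACCESSIBILITY = {"osk.exe", "sethc.exe", "utilman.exe", "magnify.exe",
                 "narrator.exe", "displayswitch.exe", "atbroker.exe"}
# reg.exe prints values as: 4 spaces, name, 4 spaces, type, 4 spaces, data
VALUE_RE = re.compile(r"^\s+(\S.*?)\s{4}(REG_\w+)\s{4}(.*)$")

# Constructed sample input, not taken from a real host.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\osk.exe
    Debugger    REG_SZ    C:\ProgramData\constructed-sample.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe
    Debugger    REG_SZ    C:\Tools\constructed-debugger.exe -p

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe
    MitigationOptions    REG_BINARY    0000000000000100
"""

def find_ifeo_debuggers(reg_output):
    """Return one finding per IFEO subkey that carries a Debugger value."""
    findings, image = [], None
    for line in reg_output.splitlines():
        if line.startswith("HKEY_"):
            key = line.rstrip()
            pos = key.lower().find(IFEO_MARKER)
            # The IFEO root key itself has no trailing image name.
            image = key[pos + len(IFEO_MARKER):].split("\\")[0] if pos != -1 else None
            continue
        m = VALUE_RE.match(line)
        if image and m and m.group(1).lower() == "debugger":
            # A debugger on an accessibility binary replaces a program that
            # can be started before logon, so rank it above developer use.
            sev = "high" if image.lower() in ACCESSIBILITY else "review"
            findings.append({"image": image, "debugger": m.group(3).strip(),
                             "severity": sev})
    return findings

if __name__ == "__main__":
    for f in find_ifeo_debuggers(SAMPLE):
        print(f"[{f['severity']}] {f['image']} -> {f['debugger']}")
```

Entries ranked `review` are often legitimate developer debuggers, so compare them against a known-good baseline before acting.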

Having gained a foothold in the company’s network, attackers launch a ransomware module written in Java that encrypts all file servers connected to the network, including backup systems.

Ransomware operators, as a rule, use powerful encryption algorithms and demand the ransom in cryptocurrency. For most victims, the only option is to hope that they have a backup or to pay the ransom.

