It is actually a little astonishing that this file format has not been more widely used in malware campaigns, due to the miniscule memory footprint that it leaves. It is compiled into a rarely seen file type called a Java image file (JIMAGE) that many (including myself) were not even aware existed. Though deployed manually like many other ransomwares, what sets Tycoon apart is the fact that its operators spread Tycoon around with a zip file that contains what is called a Trojanized Java Runtime Environment build (JRE). This has led researchers to conclude that its use is highly targeted, which means that its operators will selectively use the malware in situations where it is most likely to be successful. While its victim profile is relatively small, it targets small- and medium-sized businesses operating in both the software and educational fields.
Tycoon is a ransomware that has been observed in the wild since December 2019.
0 kommentar(er)
