REvil, Ryuk and Tycoon Ransomware: How They Work and How to Defend Against Them

It is the Tuesday morning after a long weekend. You come into work early to get caught up on emails, only to find you are completely locked out. You have been hit by a ransomware attack. You ask yourself, "What happened? And how do I fix it?"

This post will explore three of the most significant ransomware families of 2020: Tycoon, Ryuk and REvil. After discussing how these strains work, we'll share some best practices that organizations can use to defend themselves against a ransomware infection.

Tycoon

Tycoon is written in Java, compiled into the Java image file format (JIMAGE) and deployed inside a trojanized build of the Java Runtime Environment (JRE). This is an unusual packaging for ransomware and is rarely seen. Tycoon's operators typically get into the network through an insecure, Internet-facing RDP server. Once inside, they disable anti-malware software so that the ransomware can remain undetected on the system until the attack is finished.

This crypto-malware strain has been around since December 2019. Because it is Java, Tycoon's code runs on both Windows and Linux systems; it has been used to target small and medium-sized businesses (SMBs), primarily in the software and education industries. Tycoon may be linked to Dharma (CrySIS) because the two share naming conventions and email addresses.

According to TechRad
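As an added practitioner check (not code from the original post or from any of the research it cites), the following PowerShell script audits a single Windows host for the two conditions the Tycoon intrusions rely on: RDP reachable without Network Level Authentication, with a burst of failed logons suggesting password guessing, and anti-malware that has been switched off. It assumes Windows 10 / Server 2016 or later with Microsoft Defender as the anti-malware product, an English-language firewall rule group named "Remote Desktop", and an illustrative threshold of 20 failed logons from one address in 24 hours; adjust those for your environment.

```powershell
# Added example: host audit for Tycoon-style entry conditions (insecure RDP,
# disabled anti-malware). Run elevated. Assumes Microsoft Defender and an
# English Windows build; the 20-failure threshold is an illustrative choice.

$findings = @()

# 1. Is RDP enabled, and does it require Network Level Authentication (NLA)?
$ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
if ($ts.fDenyTSConnections -eq 0) {
    $findings += 'RDP is enabled on this host'
    $rdpTcp = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    if ($rdpTcp.UserAuthentication -ne 1) {
        $findings += "RDP does not require NLA (UserAuthentication=$($rdpTcp.UserAuthentication))"
    }
}

# 2. Do the inbound RDP firewall rules accept connections from any address?
$rdpRules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Enabled True -Direction Inbound -ErrorAction SilentlyContinue
foreach ($rule in $rdpRules) {
    $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    if ($remote -contains 'Any') {
        $findings += "Firewall rule '$($rule.DisplayName)' allows RDP from Any address"
    }
}

# 3. Failed logons (event 4625) in the last 24 hours. Logon type 10 is
#    RemoteInteractive (RDP); type 3 is Network, which is how NLA failures
#    are recorded. Many failures from one source address suggests brute force.
$since  = (Get-Date).AddHours(-24)
$failed = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } -ErrorAction SilentlyContinue
$attempts = foreach ($ev in $failed) {
    $x  = [xml]$ev.ToXml()
    $ip = ($x.Event.EventData.Data | Where-Object Name -eq 'IpAddress').'#text'
    $lt = ($x.Event.EventData.Data | Where-Object Name -eq 'LogonType').'#text'
    if ($lt -in '3', '10' -and $ip -ne '-') {
        [pscustomobject]@{ Ip = $ip; LogonType = $lt }
    }
}
foreach ($group in ($attempts | Group-Object Ip | Where-Object Count -ge 20)) {
    $findings += "$($group.Count) failed network/RDP logons from $($group.Name) in the last 24h"
}

# 4. Is Defender actually running, and is it protected against being switched off?
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
if ($null -eq $mp) {
    $findings += 'Get-MpComputerStatus failed: the Defender service may be stopped or removed'
} else {
    if (-not $mp.AntivirusEnabled)          { $findings += 'Defender antivirus engine is disabled' }
    if (-not $mp.RealTimeProtectionEnabled) { $findings += 'Defender real-time protection is OFF' }
    if (-not $mp.IsTamperProtected)         { $findings += 'Defender tamper protection is OFF' }
}

if ($findings.Count -eq 0) { 'No findings' } else { $findings }
```

Each finding maps to one mitigation: require NLA and restrict the RDP firewall rule to a management network or VPN, alert on failed-logon bursts before they turn into a successful logon, and keep tamper protection on so that an intruder with local admin cannot simply turn real-time protection off before dropping the payload.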