Hackers have developed new Java-based ransomware that targets Windows and Linux devices. According to Techcrunch's latest report, a new kind of ransomware was discovered by security researchers. They found out that it uses a little-known Java file format that makes the ransomware even more difficult to detect before it activates its file-encrypting payload.
Also Read: [HACKER] Google Says Iranian Hackers Targeted Donald Trump Campaign Staff's Emails Accounts: Hackers from China Tried to Phish Joe Biden Camp
Windows and Linux are Now Being Targeted by New Java-Based Ransomware: The Java File Format Used Makes it More Difficult to Detect
A recovery effort was done by the incident response unit of consulting firm KPMG to help an unnamed European education institute affected by the ransomware attack. The new Java-based ransomware was analyzed by BlackBerry's security research unit, which partners with KPMG. The findings were published on Thursday, June 4.
Also Read: Poll Found 1 in 10 People Stalked Their Exes with Stalkerware, Now What Can You Do if You're the Victim?
The researchers of BlackBerry stated that the hacker used a remote desktop server connected to the internet to breach the institute's network, deploying a persistent backdoor in order to gain easy access to the network after they leave. According to the analysis, the hacker re-enters the network again through the created backdoor after a few days of inactivity to prevent detection.
The hacker then spreads the ransomware module across the network and detonates the payload by disabling any running anti-malware service. Each of the computer's files was encrypted, allowing the hacker to hold them hostage for a ransom.
Windows and Linux are now being targeted by new Java-based ransomware; The Java file format used makes it more difficult to detect
According to Techcrunch, the researchers confirmed that the incident is the first one they've seen that used a ransomware module, compiled into a Java image file format (JIMAGE). These files are a bit like a Java application containing all the components needed for the code to run.
Windows and Linux are Now Being Targeted by New Java-Based Ransomware: The Java File Format Used Makes it More Difficult to Detect
The researchers claimed that these files are rarely scanned by anti-malware engines that can allow hackers to breach any system undetected. Referencing a folder name found in the decompiled code, BlackBerry named the new Java-based ransomware "Tycoon."
The report stated that the module had code that allows hackers to run the new ransomware on both Linux and Windows computers or other devices. Ransomware operators scramble victim's files in exchange for a ransom, often demanded in cryptocurrency, using strong and off-the-shelf encryption algorithms. Once an individual is attacked by ransomware, their only option is to hope they saved a backup file or pay the ransom; the FBI does not encourage people to pay the ransom, the report stated.
However, the security researchers confirmed that there are other ways that the victims can recover their stolen files without paying the hacker. Since the same encryption keys are used by the early versions of the Tycoon ransomware to scramble their victim's devices, one decryption tool can be used to recover the files for multiple victims.
