The Tycoon virus encrypts data on the victim's computer and demands a ransom for its return.
Experts have identified a new computer virus, the Tycoon Trojan, which manages to bypass antivirus software and remain undetected on the network for a long time, reports Chronicle.info with reference to Correspondent.
It is noted that the virus uses a little-known Java file format for infiltration. Experts discovered Tycoon while working to restore data at an educational institution in Europe that had been affected by a cyberattack.
The company noted that the attack begins in a standard way: the initial compromise is carried out through RDP servers visible from the Internet. From there the process changes: the attacker uses IFEO (Image File Execution Options) injection to maintain a persistent presence on the system, running in the background alongside the OSK (on-screen keyboard), and disables the antivirus program using ProcessHacker.
Having gained a foothold on the company network, the attackers launch a Java ransomware module that encrypts all file servers connected to the network, including system backups.
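A defensive check for the IFEO persistence step described above, as an added example that is not part of the original report: it parses the text output of `reg query` run recursively on the Image File Execution Options key and flags every `Debugger` value, rating entries on accessibility binaries such as `osk.exe` highest. The sample output, its paths, and the accessibility binaries other than `osk.exe` are constructed assumptions.

```python
import re

IFEO_KEY = "image file execution options"
# osk.exe is the binary the article names; the other logon-screen
# accessibility binaries are an assumption added for this example.
ACCESSIBILITY = {"osk.exe", "sethc.exe", "utilman.exe", "magnify.exe", "narrator.exe"}

# Constructed sample of `reg query "<IFEO key>" /s` output; all paths are made up.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\osk.exe
    Debugger    REG_SZ    C:\ProgramData\constructed\helper.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe
    MitigationOptions    REG_QWORD    0x100000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe
    Debugger    REG_SZ    "C:\Tools\constructed\editor.exe" -z
"""

def find_ifeo_debuggers(reg_output):
    """Return (image, debugger_command, severity) for every Debugger value."""
    findings, image = [], None
    for raw in reg_output.splitlines():
        line = raw.strip()
        if line.upper().startswith("HKEY_"):
            # Key header: the image name is the path component after the IFEO key.
            parts = line.split("\\")
            lowered = [p.lower() for p in parts]
            image = None
            if IFEO_KEY in lowered:
                i = lowered.index(IFEO_KEY)
                if i + 1 < len(parts):
                    image = lowered[i + 1]
            continue
        m = re.match(r"(\S+)\s+(REG_\w+)\s+(.*)$", line)
        if m and image and m.group(1).lower() == "debugger":
            # Windows launches the Debugger command in place of the named image.
            severity = "high" if image in ACCESSIBILITY else "review"
            findings.append((image, m.group(3).strip(), severity))
    return findings

if __name__ == "__main__":
    for image, command, severity in find_ifeo_debuggers(SAMPLE):
        print(f"[{severity}] {image} -> {command}")
```

Entries rated "review" are not necessarily malicious, since some legitimate tools register a `Debugger` value to replace a system program; a value on an accessibility binary has no such routine explanation.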
It is noted that ransomware operators, as a rule, use powerful encryption algorithms and demand a ransom in bitcoin. For most victims the only option is to hope they have a backup or to pay the ransom. However, law enforcement officers ask victims not to pay the ransom to the extortionists.