The Tycoon ransomware and its variants are now less burdensome as Emsisoft launches a tool to decrypt attacked files.
Emsisoft, a leader in malware technology, came up with a relief on June 4. Now, all those who were affected by the Tycoon ransomware can retrieve their files without paying a dime.
The first people to discover the Tycoon ransomware were some security personnel working at Blackberry. They were able to discover how the Tycoon works and told it to TechCrunch.
How Tycoon works
Brett Callow of Emsisoft revealed how Tycoon works. He said:
“Tycoon is a Java-based, human-operated ransomware that appears to specifically target smaller enterprises and is typically deployed via an attack on RDP. Java-based ransomware is unusual, but certainly not unique. Microsoft warned about another Java-based ransomware strain, PonyFinal, last month.”
The name of the tool released by Emsisoft is “Emsisoft Decryptor for RedRum.” Callow expressed regrets over the weakness of the decryptor:
“The tool only works for files encrypted by the original Tycoon variant, not for files encrypted by any subsequent variants. This means it will work for files that have a .RedRum extension, but not for files with .grinch or .thanos extension. Unfortunately, the only way to recover files with those latter extensions is to pay the ransom.”
Tycoon works on different Operating Systems
The research team also discovered that the Tycoon ransomware could be launched on Windows and Linux computers. Affected users will be asked to pay some cryptocurrencies like BTC to be free of it.
It has also been discovered that the attackers mainly target schools and makers of software. It is now known that infections are on the rise every day.
On a sad note, the researchers said that newer versions of the ransomware have more attacking power and are more difficult to deal with using the decryptor tool.
Another ransomware decryptor was introduced on June 3 by researchers at ElevenPaths, the security unit of Spain-based telecommunications company, Telefonica. This one was targeted at VCryptor ransomware so it is called VCrypt Decryptor. Unfortunately, this happened after war against ransomware was declared globally.