A newly uncovered form of ransomware is going after Windows and Linux systems in what appears to be a targeted campaign, according to ZDNet. Named Tycoon after references in the code, this ransomware has been active since December 2019, and looks to be the work of cyber criminals who are highly selective in their targeting. The malware uses an uncommon deployment technique, which helps it stay hidden on compromised networks. The main targets of Tycoon are organisations in the education and software industries.
Ransomware continues to be one of the biggest cyber threats, but it can be avoided with a few simple techniques. As the malware deploys on the target machine via a phishing email, it is vital that all employees are wary of email attachments. Some protection can be added, such as opening attachments in sandboxes, but users still tend to favour the convenience of avoiding such protection.
The education sector tends to have less security in place than other higher-value sectors, so it could be assumed to be lower-hanging fruit to target. However, if organisations refuse to give in to ransom demands, criminals will be forced to stop using ransomware altogether. Attackers are being forced to shift the way they operate in order to continue taking on new targets, and do so by obscuring code in programs not usually associated with malware.
Ransomware is a cat and mouse game and always has been. However, backing up important files, and making sure those files can't be compromised during an attack, is also key to a successful recovery from an attack. Being able to restore what is lost hurts the attackers, as there will be no need to pay their demands, even if you are ever struck with the infamous malware.