Ransomware has been ravaging corporate systems and healthcare facilities in recent years, and cybercriminals keep finding ways to slip it past the tools meant to catch it. BlackBerry's research team and KPMG's UK Cyber Response Services recently analyzed a new ransomware family written in Java that encrypts files so the attacker can demand payment for the decryption key. Known as "Tycoon," it has so far hit only a dozen or so organizations, but a targeted campaign does not mean everyone else in the tech world is free and clear of danger.
How the Ransomware Works
Tycoon is deployed by hand through a series of steps. The attacker first connects to an internet-facing remote desktop protocol (RDP) jump server and uses it as a foothold from which to reach other machines on the network. After selecting a target, the attacker obtains administrator credentials and disables the local antivirus protection. With the system compromised, the attacker uses RDP to move laterally, connecting to each server in turn, and distributes the ransomware across the network.
The end result leaves system administrators locked out of their data, with their only option for decrypting files being to purchase the matching 1024-bit RSA private key from the attackers. Tycoon has been used against both Windows and Linux systems and arrives as a ZIP archive containing a trojanized Java Runtime Environment (JRE), with the malicious code packed in the Java image (JIMAGE) format. Because JIMAGE is an obscure format that security tools rarely inspect, this packaging kept the payload from being easily detected.
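The packaging detail above gives defenders something concrete to hunt for: a ZIP archive that carries its own JRE with a JIMAGE file inside it. The script below is an added example, not code from the original post or from the BlackBerry/KPMG analysis. It opens a ZIP in memory, reads the first four bytes of every member, and reports the members that start with the JIMAGE header magic (0xCAFEDADA, as defined in OpenJDK's jimage.hpp; the header is written in the producing machine's byte order, so both orders are accepted). The sample archives it builds are constructed test data, not real Tycoon samples, and the function names are my own.

```python
import io
import struct
import zipfile

# JIMAGE header magic from OpenJDK's jimage.hpp. The header is stored in the
# byte order of the machine that produced it, so accept both encodings.
JIMAGE_MAGIC_LE = struct.pack("<I", 0xCAFEDADA)  # bytes DA DA FE CA on x86
JIMAGE_MAGIC_BE = struct.pack(">I", 0xCAFEDADA)  # bytes CA FE DA DA


def is_jimage(head: bytes) -> bool:
    """Return True if a buffer begins with the JIMAGE magic number."""
    return head[:4] in (JIMAGE_MAGIC_LE, JIMAGE_MAGIC_BE)


def find_bundled_jimages(zip_bytes: bytes) -> list:
    """Return the names of every ZIP member that is a JIMAGE file.

    Only the first four bytes of each member are decompressed, so the scan is
    cheap even for a multi-megabyte bundled runtime.
    """
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as member:
                head = member.read(4)
            if is_jimage(head):
                hits.append(info.filename)
    return hits


def build_sample_archive(with_jimage: bool) -> bytes:
    """Construct an in-memory ZIP resembling a bundled JRE (constructed data).

    with_jimage=True adds a lib/modules member carrying the JIMAGE magic, the
    layout the post describes; with_jimage=False builds a JRE 8-style layout
    with rt.jar instead, which should produce no hits.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("jre/bin/java", b"\x7fELF" + b"\x00" * 60)  # placeholder launcher
        zf.writestr("jre/release", b'JAVA_VERSION="1.8.0"\n')
        if with_jimage:
            # Magic followed by a dummy version field and padding.
            zf.writestr("jre/lib/modules", JIMAGE_MAGIC_LE + b"\x01\x00\x00\x00" + b"\x00" * 120)
        else:
            zf.writestr("jre/lib/rt.jar", b"PK\x03\x04" + b"\x00" * 60)
    return buf.getvalue()


if __name__ == "__main__":
    for flag in (True, False):
        print("with_jimage=%s -> %s" % (flag, find_bundled_jimages(build_sample_archive(flag))))
```

A JIMAGE inside a ZIP is not malicious by itself (every JDK 9+ install ships one under lib/modules), so treat a hit as a triage lead: check whether the archive arrived through a path that has no business delivering a Java runtime, and whether the bundled runtime matches the vendor build it claims to be.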
Is Java Still Commonly Used?
This particular ransomware has been active for about six months, but it has claimed far fewer victims than attacks such as WannaCry. Tycoon has affected small and medium-sized companies as well as educational institutions and software companies. Though its reach has been narrow, that does not mean it is obsolete or without consequences.
Java is a programming language that has been around for more than two decades and, according to JetBrains' State of Developer Ecosystem survey last year, is still the most popular primary language among developers. This is most likely because it is open source (through OpenJDK) and its bytecode runs unchanged across platforms and networked systems. However, as technology advances, Java is no longer the default choice for new kinds of development and is taking a backseat to languages like Python.
While other programming languages are better suited for artificial intelligence (AI) projects and other emerging technologies, Java is still prevalent, at least enough so that a Java-based payload looks unremarkable on a corporate network and can run on almost any machine it reaches.
Solutions for Battling the Silent Malware
Even as this blog is written, researchers are working on ways to freeze a system's accounts the moment a ransomware infection is detected and roll the system back to its pre-attack state, much as a video game returns the player to a checkpoint after losing a life. Other proposed defenses include signature-based detection platforms and a strong R&D team to build stronger security.
Overall, the best line of defense is a proper backup strategy. Ransomware attacks keep growing more sophisticated as technology itself becomes more complex, and in this ever-changing environment there is no guarantee that your level of security will be enough. Having a secure backup of your data, kept offline or otherwise out of reach of a compromised administrator account, means that even if your systems are affected, you will not feel compelled to pay the ransom and can continue with your regular business operations.
Our line of hardware-encrypted storage devices offers total protection with 256-bit encryption and unique authentication via an onboard keypad or a mobile app. The devices are built with a tough epoxy coating so the components cannot be separated or reverse engineered. All of our hard drives and USB drives have brute-force protection and built-in antivirus to keep sensitive information away from unauthorized parties. To learn more about how our SecureDrive products can save your company from the devastating blows of a ransomware attack, call 1-800-875-3230.