Ransomware discovered hidden in a little-used Java file format
Security researchers have discovered a new ransomware strain that is packaged in a little-known Java file format. The unusual packaging makes the malware harder to detect before it is deployed and begins encrypting the victim's files.
KPMG's cyber security incident response team was called in after an unnamed European educational institution was hit by the ransomware. KPMG in turn brought in BlackBerry's cyber security research unit, which analysed the malware and published its findings today (Thursday).
A BlackBerry researcher said the attacker used an internet-facing remote desktop server to break into the institution's network and set up a persistent back door so they could regain access easily after leaving. After several days of inactivity to avoid detection, the attacker re-entered the network through the back door, shut down any services that could interfere with the malware, deployed the ransomware across the network so that it encrypted the files on every computer, and then demanded payment to decrypt them.
The researchers say this is the first time they have seen ransomware delivered in the Java JIMAGE file format. These files contain all the components needed to run the code. They are similar to Java applications, but are rarely scanned by anti-malware engines.
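The detection gap described above can be narrowed at the file-header level, which is cheaper than waiting for an anti-malware engine to add format support. The Python below is an added example, not code from the article or from BlackBerry or KPMG. It classifies files by their leading bytes (the OpenJDK jimage magic 0xCAFEDADA, which may appear in either byte order; the class-file magic 0xCAFEBABE; and the ZIP signature that JAR files use) and then flags any jimage that is not a JDK's own lib/modules file, since that is the only jimage a normal system carries. The directory layout and sample file contents are constructed for the demo, and the lib/modules rule is a triage heuristic assumed here, not something the article states.

```python
"""
Triage scanner for Java artefacts by file header, including JIMAGE files.
Added example, not code from the original article or from BlackBerry/KPMG.
Magic values come from the Java class-file, ZIP and OpenJDK jimage formats;
the sample files written by build_demo_tree() are constructed for the demo.
"""
import os
import struct
import tempfile

JIMAGE_MAGIC = 0xCAFEDADA   # OpenJDK jimage header magic (the JDK's lib/modules file)
CLASS_MAGIC = 0xCAFEBABE    # Java .class file magic
ZIP_MAGIC = b"PK\x03\x04"   # JAR/WAR files are ZIP archives


def classify_bytes(data: bytes) -> str:
    """Return 'jimage', 'class', 'jar' or 'other' from the leading bytes.

    A jimage may be written in either byte order (the JDK reader tries the
    native order first, then the opposite), so both encodings are checked.
    """
    if len(data) < 4:
        return "other"
    head = data[:4]
    if head in (struct.pack(">I", JIMAGE_MAGIC), struct.pack("<I", JIMAGE_MAGIC)):
        return "jimage"
    if head == struct.pack(">I", CLASS_MAGIC):
        return "class"
    if head == ZIP_MAGIC:
        return "jar"
    return "other"


def scan_directory(root: str) -> dict:
    """Walk root and return {posix_relative_path: kind} for every Java-looking file."""
    findings = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                kind = classify_bytes(fh.read(4))   # only the header is needed
            if kind != "other":
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                findings[rel] = kind
    return findings


def flag_unexpected_jimages(findings: dict) -> list:
    """Return jimage paths that are not a runtime's own lib/modules file.

    Heuristic assumed for this demo: any jimage outside <jdk>/lib/modules is
    unusual enough to deserve a manual look.
    """
    flagged = []
    for rel, kind in findings.items():
        if kind == "jimage" and rel.split("/")[-2:] != ["lib", "modules"]:
            flagged.append(rel)
    return sorted(flagged)


def build_demo_tree() -> str:
    """Write constructed sample files into a temp directory and return its path."""
    root = tempfile.mkdtemp(prefix="jimage_demo_")
    samples = {
        "jdk-11/lib/modules": struct.pack("<I", JIMAGE_MAGIC) + b"\x00" * 28,   # legitimate
        "downloads/update.bin": struct.pack(">I", JIMAGE_MAGIC) + b"\x00" * 28,  # out of place
        "app/Main.class": struct.pack(">I", CLASS_MAGIC) + b"\x00\x00\x00\x34",
        "app/lib/util.jar": ZIP_MAGIC + b"\x00" * 26,
        "docs/readme.txt": b"plain text, nothing to see here\n",
    }
    for rel, content in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    demo_root = build_demo_tree()
    found = scan_directory(demo_root)
    for rel, kind in sorted(found.items()):
        print(f"{kind:7} {rel}")
    print("unexpected jimage files:", flag_unexpected_jimages(found))
```

A header match only tells you that a file is a jimage, not that it is malicious; the value of the check is that it surfaces a format most scanners ignore so a responder can inspect it, for example by asking whether a bundled Java runtime appeared alongside it.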
Ransomware usually uses strong encryption, which makes it impractical for victims to recover their files without the attacker's key. Payment is typically demanded in cryptocurrency. For most victims, the only options are to restore from a backup or to pay the ransom.
However, the researchers say they hope some victims can recover their encrypted files without paying, because earlier versions of the ransomware, called Tycoon, used the same encryption key to lock victims' files. That means a single decryptor can be used to recover files for multiple victims, the researchers said. The newest version of Tycoon, however, appears to have fixed this weakness.
Two BlackBerry researchers told TechCrunch that they have seen about a dozen "advanced" infections in the past six months, which suggests the attackers choose their victims carefully.