
Another free ransomware decryptor is released

June 6, 2020

The malware laboratory Emsisoft released a free decryption tool on June 4th. The tool allows victims to recover files encrypted in Tycoon ransomware attacks without paying the ransom.

Researchers at the BlackBerry security unit were the first to discover the ransomware. They said on TechCrunch that Tycoon uses a Java file format, which makes it more difficult to detect before the user's data is encrypted.

How Tycoon Works

Speaking to Cointelegraph, Brett Callow, threat analyst at Emsisoft, said:

“Tycoon is a Java-based, human-powered ransomware that apparently targets small businesses and is generally implemented through an attack on RDP. Java-based ransomware is unusual, but certainly not unique. Microsoft warned last month about another variant of Java-based ransomware, PonyFinal.”


Callow also clarified some of the limitations of the free tool, “Emsisoft Decryptor for RedRum”:

“(…) The tool only works for files that were encrypted with the original Tycoon variant, not for files that were encrypted with one of the later variants. This means that it works for files with the .RedRum extension, but not for files with the .grinch or .thanos extension. Unfortunately, the only way to restore files with these latest extensions is by paying the ransom.”

One ransomware for multiple operating systems

The BlackBerry researchers found that the Tycoon ransomware can run on Windows and Linux computers and uses the same technique of requesting payments in cryptocurrencies such as Bitcoin (BTC).

The latest findings show that Tycoon infections mainly target educational institutions and software houses. BlackBerry researchers believe the actual number of infections is “probably a lot higher.”

Furthermore, they warn that newer versions of the Tycoon ransomware have improved attack power. Previously, decryption tools could be used to recover files from multiple victims, but this is no longer possible.

On June 3rd, ElevenPaths, the specialized cybersecurity department of the Spanish telecommunications conglomerate Telefónica, created a free tool called “VCrypt Decryptor”. This tool aims to restore the data encrypted by VCryptor ransomware as part of the international “No more Ransomware” initiative.
