Two days ago, on June 4, Emsisoft Malware Lab released a free ransomware decryptor tool that enables victims of Tycoon ransomware attacks to recover their encrypted files without paying the ransom.
BlackBerry's security unit was the first to discover the ransomware. In TechCrunch, they stated that Tycoon uses a Java format, which makes it harder to detect before it deploys the payload that encrypts the files.
Brett Callow, a threat analyst at Emsisoft, told Cointelegraph:
“Tycoon is Java-based, human-operated ransomware that appears to specifically target smaller enterprises and is typically deployed via an attack on RDP. Java-based ransomware is unusual, but certainly not unique. Microsoft warned about another Java-based ransomware strain, PonyFinal, last month.”
He also clarified some of the limitations that come with the Emsisoft Decryptor for RedRum:
“The tool only works for files encrypted by the original Tycoon variant, not for files encrypted by any subsequent variants. This means it will work for files that have a .RedRum extension, but not for files with .grinch or .thanos extension. Unfortunately, the only way to recover files with those latter extensions is to pay the ransom.”
BlackBerry's researchers noted that Tycoon ransomware employs the same technique of asking for payment in cryptocurrency such as Bitcoin (BTC), and that it can run on both Windows and Linux operating systems.
According to the latest research and findings, Tycoon infections mostly target software houses and educational institutions, and BlackBerry researchers believe the actual number of infections is much higher.
ElevenPaths, the specialized cybersecurity unit of the Spanish telecommunications conglomerate Telefonica, also created a free tool, named VCrypt Decryptor, on June 3. The tool aims to recover data encrypted by VCryptor ransomware.