Tycoon ransomware is unusual in that it is written in Java. Hardly anyone uses this anymore due to the widely reported security problems with it.

It is deployed in the form of a Trojanized Java Runtime Environment (JRE) and leverages an obscure Java image format to fly under the radar.

The main targets of Tycoon are organisations in the education and software industries. It attacks Windows and Linux platforms. The easy defence, get rid of Java once and for all.

Once the Tycoon malware is implanted it may be dormant for a week before it takes action. This is intended to make it harder to identify the source of the attack.

Due to the reuse of a common RSA private key it may be possible to recover data without the need for payment in earlier variants.

KPMG found this malware and they have over 3,500 cyber professionals in offices around the globe with cyber response labs across 12 major regions. Our professionals have experience working on various forms of cybercrime, including insider threats, data breaches, hacktivism, and advanced persistent threat-style intrusions by highly motivated adversaries.