Emsisoft Releases Free Decryptor Tool For RedRum Ransomware
June 6, 2020

Malware lab Emsisoft released a free decryptor tool on June 4 that enables victims to recover files encrypted in Tycoon (originally known as RedRum) ransomware attacks without paying the ransom.

Researchers from BlackBerry’s security unit first discovered the ransomware. Tycoon uses a Java file format to make itself more difficult to detect before it deploys the payload that encrypts the files.

Brett Callow, threat analyst of Emsisoft, said:

“Tycoon is a Java-based, human-operated ransomware that appears to specifically target smaller enterprises and is typically deployed via an attack on RDP. Java-based ransomware is unusual, but certainly not unique. Microsoft warned about another Java-based ransomware strain, PonyFinal, last month.”

Callow also clarified some of the limitations of the free tool “Emsisoft Decryptor for RedRum”:

“(…) the tool only works for files encrypted by the original Tycoon variant, not for files encrypted by any subsequent variants. This means it will work for files that have a .RedRum extension, but not for files with .grinch or .thanos extension. Unfortunately, the only way to recover files with those latter extensions is to pay the ransom.”

BlackBerry’s researchers noted that Tycoon ransomware can run on both Windows and Linux computers, employing the same technique of asking for cryptocurrency payments.


The latest findings reveal that Tycoon infections mostly target educational institutions and software houses.

Researchers from BlackBerry believe that the actual number of infections “is likely far higher.” They also warned that newer versions of Tycoon ransomware have been improving their attack power.

Previously, decryption tools could be used to recover files for multiple victims; however, this is no longer possible.

Source: Cointelegraph | Image: Unsplash



Jafrin Ahmed
