Emsisoft Releases Free Ransomware Decryptor Author: Ali Raza Last Updated: 13 June 2020 Emsisoft, a malware lab, has recently released a free decryptor tool on the 4th of June, 2020. With this tool in hand, victims will be capable of recovering files that had been encrypted through the use of Tycoon ransomware attacks, without needing to cough up the ransom to do so. Targeting Small enterprises It was BlackBerry’s security unit that had first discovered the ransomware, to begin with. In an interview with TechCrunch, they explained that the Tycoon encryptor leverages a java file format in order to make it harder to detect, thus making it easier to deploy its file-encrypting payload. Brett Callow stands as one of Emsisoft’s threat analysts and gave a small interview about the matter as a whole. He went into detail regarding Tycoon, explaining that the ransomware is a human-operated one based on Java. In particular, he explained that this ransomware seemed to target small-scale enterprises, typically being deployed through the use of an attack on RDP. Callow explained that ransomware based on Java are unusual, but not unique. Microsoft had already issued out a warning a month prior to another form of Java-based ransomware: PonyFinal. A Small Respite However, Callow was quick to clarify the limitations of this new tool. He stated that the tool would only serve as an effective countermeasure if the original variant of the Tycoon ransomware is used. Thus, any subsequent variants after that are incapable of being decrypted through this. What this means is that files with the .RedRum extension can be decrypted, but the same can’t be said for things like .thanos and .grinch extensions. As it stands now, the only way to recover files from those extensions is to dock up the ransom funds, according to Callow. It was noted by BlackBerry’s researchers back when it was discovered, that the Tycoon ransomware is capable of being run on both Linux and Windows computers, as it leverages the same technique in asking for cryptocurrency payments, such as Bitcoin (BTC). Ever-Evolving Cyber Warfare The most recent findings, however, demonstrate that Tycoon frequently targets software houses and educational institutions. However, the BlackBerry researchers were quick to state that they were convinced that the actual number of infections of this Tycoon ransomware is far higher than they can estimate. BlackBerry’s researchers gave further warnings for the latest versions of the Tycoon ransomware, noting that the attack power of these ransomwares has been increasing.