Cybercriminals are targeting Windows and Linux Servers with Java-based ransomware called Tycoon. A report from BlackBerry Research and Intelligence Team and KPMG’s UK Cyber Response Services said the Tycoon ransomware arrives as a ZIP archive containing a Trojanized JRE builds. The ransomware targets small and midsized companies and software companies. The initial infection occurs via an internet-facing RDP (Remote Desktop Protocol) jump server.
The ransomware that was first used in December leverages an obscure Java image format to fly under the radar.