Security Experts from Blackberry threat Intelligence and KPMG discovered a new strain of multi-platform ransomware known as Tycoon ransomware.

According to the report, Small to medium sized companies, education institutions and software industries have been highly targeted with its attack.

The ransomware according to the report is compiled into Java image file (JIMAGE), a file format used to store custom JRE images which is designed to be used by the JVM at runtime. Experts found out that some unseen techniques has been used to achieve persistence and execute a backdoor by the attackers. Threat actors used IFEO injection (Image File Execution Options) to achieve persistence.

You can read more about the ransomware here: https://blogs.blackberry.com/en/2020/06/threat-spotlight-tycoon-ransomware-targets-education-and-software-sectors