Image
"Initial analysis suggests that this is the first version, or trial, of a larger attack because despite the encryption operation, sometimes the [ransomware] does not succeed in encrypting victim files, and moreover, despite the fact that there are many changes in the victim's system registry, it is not able to maintain its functionality after rebooting the system."It therefore comes as no surprise that Tyrant is actually a member of DUMB, a family of ransomware based on proof-of-concept code published on GitHub and later forked by others. First spotted by Bleeping Computer founder Lawrence Abrams in January 2017, DUMB's early variants used simplistic XOR encryption and saved the encryption key in their encrypted file. This made decryption easy, reports Bleeping Computer's Catalin Cimpanu. So easy, in fact, that one variant self-decrypted as soon as a victim closed out the ransom note. Security researcher MalwareHunterTeam is investigating whether users can decrypt the ransomware the same way as other DUMB variants at the time of this writing. To protect themselves against threats like Tyrant, users should download VPN applications and similar programs directly from either the developers' websites or their profiles on official app marketplaces. They should also work to prevent a ransomware infection by keeping their computers up-to-date and installing an anti-virus solution onto their machines. Lastly, they should back up their data just in case they suffer a ransomware attack.
