Hidden Tear

Hidden Tear
Hidden Tear
Technical name	Ransom.MSIL.Tear
Type	Ransomware
Subtype	Cryptovirus
Classification	Trojan horse
Origin	Istanbul, Turkey
Authors	Utku Sen
Technical details
Platform	Microsoft Windows
Written in	C#

Hidden Tear is the first open-source ransomware trojan that targets computers running Microsoft Windows^[1] The original sample was posted in August 2015 to GitHub.^[2]

When Hidden Tear is activated, it encrypts certain types of files using a symmetric AES algorithm, then sends the symmetric key to the malware's control servers.^[3] However, as Utku Sen claimed "All my malware codes are backdoored on purpose", Hidden Tear has an encryption backdoor, thus allowing him to crack various samples.^[4]

References

^ Pauli, Darren. "Ransomware blueprints published on GitHub in the name of education". The Register.
^ Paganini, Pierluigi (18 August 2015). "Hidden Tear Ransomware is now open Source and available on GitHub". Security Affairs.
^ Balaban, David (20 March 2016). "Hidden Tear Project: Forbidden Fruit Is the Sweetest | The State of Security". The State of Security.
^ Kovacs, Eduard. "Encryption Flaw Used to Crack Cryptear Ransomware | SecurityWeek.Com". Security Week.

[1] Pauli, Darren. "Ransomware blueprints published on GitHub in the name of education". The Register.

[2] Paganini, Pierluigi (18 August 2015). "Hidden Tear Ransomware is now open Source and available on GitHub". Security Affairs.

[3] Balaban, David (20 March 2016). "Hidden Tear Project: Forbidden Fruit Is the Sweetest | The State of Security". The State of Security.

[4] Kovacs, Eduard. "Encryption Flaw Used to Crack Cryptear Ransomware | SecurityWeek.Com". Security Week.

[1]

[2]

[3]

[4]