Hidden Tear

Hidden Tear
Hidden Tear
Technical name	Ransom.MSIL.Tear
Type	Ransomware
Subtype	Cryptovirus
Classification	Trojan horse
Origin	Istanbul, Turkey
Authors	Utku Sen
Technical details
Platform	Microsoft Windows
Written in	C#

The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Hidden Tear is the first open-source ransomware trojan that targets computers running Microsoft Windows^[1] The original sample was posted in August 2015 to GitHub.^[2]

When Hidden Tear is activated, it encrypts certain types of files using a symmetric AES algorithm, then sends the symmetric key to the malware's control servers.^[3] However, as Utku Sen claimed "All my malware codes are backdoored on purpose", Hidden Tear has an encryption backdoor, thus allowing him to crack various samples.^[4]

References

^ Pauli, Darren. "Ransomware blueprints published on GitHub in the name of education". The Register.
^ Paganini, Pierluigi (18 August 2015). "Hidden Tear Ransomware is now open Source and available on GitHub". Security Affairs.
^ Balaban, David (20 March 2016). "Hidden Tear Project: Forbidden Fruit Is the Sweetest | The State of Security". The State of Security.
^ Kovacs, Eduard. "Encryption Flaw Used to Crack Cryptear Ransomware | SecurityWeek.Com". Security Week.

[1] Pauli, Darren. "Ransomware blueprints published on GitHub in the name of education". The Register.

[2] Paganini, Pierluigi (18 August 2015). "Hidden Tear Ransomware is now open Source and available on GitHub". Security Affairs.

[3] Balaban, David (20 March 2016). "Hidden Tear Project: Forbidden Fruit Is the Sweetest | The State of Security". The State of Security.

[4] Kovacs, Eduard. "Encryption Flaw Used to Crack Cryptear Ransomware | SecurityWeek.Com". Security Week.

[1]

[2]

[3]

[4]