Hidden Tear

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search
Hidden Tear
Technical name Ransom.MSIL.Tear
Classification Trojan horse
Type Ransomware
Subtype Cryptovirus
Point of origin Istanbul, Turkey
Author(s) Utku Sen
Operating system(s) affected Microsoft Windows
Written in C#

Hidden Tear is the first open-source ransomware trojan that targets computers running Microsoft Windows[1] The original sample was posted in August of 2015 to GitHub.[2]

When Hidden Tear is activated, it encrypts certain types of files using a symmetric AES algorithm, then sends the symmetric key to the malware's control servers.[3] However, as Utku Sen claimed "All my malware codes are backdoored on purpose", Hidden Tear has an encryption backdoor, thus allowing him to crack various samples.[4]

References[edit]

  1. ^ Pauli, Darren. "Ransomware blueprints published on GitHub in the name of education". The Register. 
  2. ^ Paganini, Pierluigi (18 August 2015). "Hidden Tear Ransomware is now open Source and available on GitHub". Security Affairs. 
  3. ^ Balaban, David (20 March 2016). "Hidden Tear Project: Forbidden Fruit Is the Sweetest | The State of Security". The State of Security. 
  4. ^ Kovacs, Eduard. "Encryption Flaw Used to Crack Cryptear Ransomware | SecurityWeek.Com". Security Week.