Hidden Tear

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search
Hidden Tear
Technical nameRansom.MSIL.Tear
ClassificationTrojan horse
Point of originIstanbul, Turkey
Author(s)Utku Sen
Operating system(s) affectedMicrosoft Windows
Written inC#

Hidden Tear is the first open-source ransomware trojan that targets computers running Microsoft Windows[1] The original sample was posted in August 2015 to GitHub.[2]

When Hidden Tear is activated, it encrypts certain types of files using a symmetric AES algorithm, then sends the symmetric key to the malware's control servers.[3] However, as Utku Sen claimed "All my malware codes are backdoored on purpose", Hidden Tear has an encryption backdoor, thus allowing him to crack various samples.[4]


  1. ^ Pauli, Darren. "Ransomware blueprints published on GitHub in the name of education". The Register.
  2. ^ Paganini, Pierluigi (18 August 2015). "Hidden Tear Ransomware is now open Source and available on GitHub". Security Affairs.
  3. ^ Balaban, David (20 March 2016). "Hidden Tear Project: Forbidden Fruit Is the Sweetest | The State of Security". The State of Security.
  4. ^ Kovacs, Eduard. "Encryption Flaw Used to Crack Cryptear Ransomware | SecurityWeek.Com". Security Week.