Hidden Tear

Hidden Tear
Hidden Tear
Technical name	Ransom.MSIL.Tear
Type	Ransomware
Subtype	Cryptovirus
Classification	Trojan horse
Origin	Istanbul, Turkey
Authors	Utku Sen
Technical details
Platform	Microsoft Windows
Written in	C#

Hidden Tear is the first open-source ransomware trojan that targets computers running Microsoft Windows^[1] The original sample was posted in August 2015 to GitHub.^[2]

Quick Facts Technical name, Type ...

Close

When Hidden Tear is activated, it encrypts certain types of files using a symmetric AES algorithm, then sends the symmetric key to the malware's control servers.^[3] However, as Utku Sen claimed "All my malware codes are backdoored on purpose", Hidden Tear has an encryption backdoor, thus allowing him to crack various samples.^[4]

[1] [1]
Pauli, Darren. "Ransomware blueprints published on GitHub in the name of education". The Register.

[2] [2]
Paganini, Pierluigi (18 August 2015). "Hidden Tear Ransomware is now open Source and available on GitHub". Security Affairs.

[3] [3]
Balaban, David (20 March 2016). "Hidden Tear Project: Forbidden Fruit Is the Sweetest | The State of Security". The State of Security.

[4] [4]
Kovacs, Eduard. "Encryption Flaw Used to Crack Cryptear Ransomware | SecurityWeek.Com". Security Week.

[1]

[2]

[3]

[4]

Hidden Tear

Wikiwand in your browser!

Hidden Tear

Wikiwand in your browser!

References