Engineering:Hidden Tear
From HandWiki
Short description: Open-source ransomware trojan
| Technical name | Ransom.MSIL.Tear |
|---|---|
| Classification | Trojan horse |
| Type | Ransomware |
| Subtype | Cryptovirus |
| Point of origin | Istanbul, Turkey |
| Author(s) | Utku Sen |
| Operating system(s) affected | Microsoft Windows |
| Written in | C# |
Hidden Tear is the first open-source ransomware trojan that targets computers running Microsoft Windows.[1] The original sample was posted to GitHub in August 2015.[2]
When Hidden Tear is activated, it encrypts certain types of files using the symmetric AES algorithm, then sends the symmetric key to the malware's control servers.[3] However, as Utku Sen claimed, "All my malware codes are backdoored on purpose": Hidden Tear has an encryption backdoor, which allows him to crack various samples.[4]
References
1. Pauli, Darren. "Ransomware blueprints published on GitHub in the name of education". https://www.theregister.co.uk/2015/08/18/ransomware_goes_open_source/.
2. Paganini, Pierluigi (18 August 2015). "Hidden Tear Ransomware is now open Source and available on GitHub". http://securityaffairs.co/wordpress/39419/cyber-crime/ransomware-open-source.html.
3. Balaban, David (20 March 2016). "Hidden Tear Project: Forbidden Fruit Is the Sweetest | The State of Security". https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/hidden-tear-project-forbidden-fruit-is-the-sweetest/.
4. Kovacs, Eduard. "Encryption Flaw Used to Crack Cryptear Ransomware | SecurityWeek.Com". http://www.securityweek.com/encryption-flaw-used-crack-cryptear-ransomware.