Hidden Tear Explained

Full name: Hidden Tear
Technical name: Ransom.MSIL.Tear
Classification: Trojan horse
Type: Ransomware
Subtype: Cryptovirus
Origin: Istanbul, Turkey
Author: Utku Sen
OS: Microsoft Windows
Language: C#

Hidden Tear is the first open-source ransomware trojan that targets computers running Microsoft Windows.[1] The original sample was published on GitHub in August 2015.[2]

When Hidden Tear is activated, it encrypts certain file types with the symmetric AES algorithm, then sends the key to the malware's control server, so that without that key (or the operator's cooperation) the files cannot be restored.[3] However, Utku Sen claimed that "All my malware codes are backdoored on purpose": Hidden Tear contains a deliberate weakness in its encryption scheme, which allowed him to crack various samples derived from it.[4]
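The following is an added example, not Hidden Tear's own code, modelling the design described above: files with targeted extensions are encrypted with a per-infection symmetric key, the key is the only thing the control server learns, and a "backdoored" key generator lets an analyst recover that key offline without the server. Two assumptions are made for the sake of a self-contained script: a SHA-256 keystream with an HMAC tag stands in for AES (Python's standard library has no AES), and the weakness shown, a key drawn from a PRNG seeded with a coarse infection timestamp, is one illustrative way to backdoor a symmetric scheme, not a statement of which flaw Sen actually built in (the page does not say). The file names, contents and timestamp are constructed sample data.

```python
"""Model of a symmetric-key file locker with a deliberately weak key generator.
Added example; not code from the Hidden Tear project. The cipher is a stdlib
stand-in for AES and the timestamp-seeded key is an assumed backdoor design."""
import hashlib
import hmac
import os
import random
import struct

TARGET_EXTENSIONS = (".txt", ".doc", ".jpg")   # constructed sample target list
KEY_LEN = 32                                   # 256-bit key, as with AES-256
NONCE_LEN = 16
TAG_LEN = 32


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode XOR with a SHA-256 keystream (stand-in for AES)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = struct.pack(">Q", offset // 32)
        block = hashlib.sha256(key + nonce + counter).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """nonce || ciphertext || HMAC tag. The tag lets decrypt() detect a wrong key."""
    nonce = os.urandom(NONCE_LEN)
    ct = keystream_xor(key, nonce, plaintext)
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or corrupted file")
    return keystream_xor(key, nonce, ct)


def weak_key(seed: int) -> bytes:
    """Assumed backdoor: the key comes from a PRNG seeded with the infection
    time in seconds. Anyone who knows roughly when the files were encrypted
    (file modification timestamps give this away) can enumerate the seeds."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(KEY_LEN))


def run_ransomware(files: dict, infection_time: int) -> tuple:
    """Encrypt targeted files in an in-memory 'filesystem'.
    Returns (new filesystem, key that would be sent to the control server)."""
    key = weak_key(infection_time)
    locked = {}
    for name, content in files.items():
        if name.endswith(TARGET_EXTENSIONS):
            locked[name + ".locked"] = encrypt(key, content)
        else:
            locked[name] = content           # untouched, e.g. executables
    return locked, key


def recover_key(sample_blob: bytes, window_start: int, window_end: int):
    """Analyst side: brute-force the seed over a time window using one
    encrypted file as the oracle. No contact with the control server needed."""
    for seed in range(window_start, window_end + 1):
        candidate = weak_key(seed)
        try:
            decrypt(candidate, sample_blob)
            return candidate
        except ValueError:
            continue
    return None


def restore_all(locked: dict, key: bytes) -> dict:
    """Decrypt every *.locked entry back to its original name."""
    restored = {}
    for name, content in locked.items():
        if name.endswith(".locked"):
            restored[name[:-len(".locked")]] = decrypt(key, content)
        else:
            restored[name] = content
    return restored


if __name__ == "__main__":
    sample_files = {                              # constructed sample data
        "report.txt": b"quarterly numbers",
        "photo.jpg": b"\xff\xd8\xff\xe0 not really a jpeg",
        "app.exe": b"MZ",
    }
    t0 = 1439900000                               # constructed infection time
    locked, exfil_key = run_ransomware(sample_files, t0)
    found = recover_key(locked["report.txt.locked"], t0 - 300, t0 + 300)
    print("recovered key matches exfiltrated key:", found == exfil_key)
    print("restored:", restore_all(locked, found) == sample_files)
```

The point of the model is the asymmetry it makes visible: with a sound key generator the victim's only route to the key is the control server, whereas with a seed space of a few hundred candidates the HMAC check turns one encrypted file into a key-recovery oracle, which is what "cracking" a sample means in practice.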

Notes and References

  1. Pauli, Darren. "Ransomware blueprints published on GitHub in the name of education". The Register.
  2. Paganini, Pierluigi. "Hidden Tear Ransomware is now open Source and available on GitHub". Security Affairs, 18 August 2015.
  3. Balaban, David. "Hidden Tear Project: Forbidden Fruit Is the Sweetest". The State of Security, 20 March 2016.
  4. Kovacs, Eduard. "Encryption Flaw Used to Crack Cryptear Ransomware". SecurityWeek.