Hidden Tear
Hidden Tear is the first open-source ransomware trojan that targets computers running Microsoft Windows[1] The original sample was posted in August 2015 to GitHub.[2]
| Technical name | Ransom.MSIL.Tear |
|---|---|
| Classification | Trojan horse |
| Type | Ransomware |
| Subtype | Cryptovirus |
| Point of origin | Istanbul, Turkey |
| Author(s) | Utku Sen |
| Operating system(s) affected | Microsoft Windows |
| Written in | C# |
When Hidden Tear is activated, it encrypts certain types of files using a symmetric AES algorithm, then sends the symmetric key to the malware's control servers.[3] However, as Utku Sen claimed "All my malware codes are backdoored on purpose", Hidden Tear has an encryption backdoor, thus allowing him to crack various samples.[4]
References
- Pauli, Darren. "Ransomware blueprints published on GitHub in the name of education". The Register.
- Paganini, Pierluigi (18 August 2015). "Hidden Tear Ransomware is now open Source and available on GitHub". Security Affairs.
- Balaban, David (20 March 2016). "Hidden Tear Project: Forbidden Fruit Is the Sweetest | The State of Security". The State of Security.
- Kovacs, Eduard. "Encryption Flaw Used to Crack Cryptear Ransomware | SecurityWeek.Com". Security Week.
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.