February 8, 2016 By Douglas Bonderud 2 min read

File this under “hardly surprising”: The educational, open-source ransomware created by Turkish security researcher Utku Sen has been spun off into 24 not-so-friendly variants including Magic, Linux.Encoder and Cryptear.B. While Sen was recently blackmailed into taking his Hidden Tear ransomware and follow-up project EDA2 off GitHub, this hasn’t stopped the spread of new iterations. Here’s a quick overview.

Hidden Tear Ransomware: Just Trying to Help?

As noted by SecurityWeek, Sen created his ransomware with a number of key flaws and limitations; for example, Hidden Tear would only encrypt files in a \test directory and wouldn’t work if the directory didn’t exist. Fundamental issues with encryption, meanwhile, meant that even malicious adaptations were no match for standard remediation techniques. But here’s the thing: Researchers from Kaspersky asserted that the InfoSec community already had a host of ransomware samples and didn’t really need an educational resource to help their learning curve.

SC Magazine pointed to the emergence of Hidden Tear ransomware variants and other open-source code as harbingers of “cheap and nasty ransomware” that attackers can pull from multiple sources, quickly adopt and then abandon when things go awry. Thankfully, much of it is little more than a nuisance.

For example, the author of Cryptolocker asked victims to email him for ransom demands, while the newly discovered Magic ransomware is demanding just one bitcoin to unlock its AES encryption — though no one has bothered to pay. There are a few more unpleasant varieties, however, such as Trojan-Ransom.MSIL.Tear.n, which encrypts user files but doesn’t bother with an encryption key, making it impossible to recover any data, according to Softpedia.

Open-Source Opportunities

Hidden Tear ransomware isn’t the only emerging open-source problem. As noted by Graham Cluley, a January 2016 malware attack on the Ukrainian electric power industry leveraged an open-source backdoor and caused a number of power outages and service interruptions. And last year, Gizmodo reported on the emergence of open-source bundles such as Tox, which creates a fully functioning — if rough around the edges — ransomware distributor.

The takeaway here? Educational malware isn’t necessary since companies have enough actual ransomware to analyze, and moderately skilled cybercriminals will turn the gift they’ve been offered into actual malware, flaws and all. Combined with other open-source code and prepackaged ransomware bundles, Hidden Tear signifies a market shift — encryption-based malware is quickly becoming an industry unto itself.

While this means more malicious code flooding corporate networks, it also comes with an unexpected bonus: standardization. Cybercriminals almost invariably opt for the cheapest, fastest solution, and right now that means prebuilt and open source.

InfoSec pros and security companies get a leg up because increasing code volume comes means a decrease in originality; finding and exploiting malware flaws becomes a matter of throughput rather than trial and error. Simply put? Poorly made malware means a smaller defensive learning curve.

More from

Hacking the mind: Why psychology matters to cybersecurity

4 min read - In cybersecurity, too often, the emphasis is placed on advanced technology meant to shield digital infrastructure from external threats. Yet, an equally crucial — and underestimated — factor lies at the heart of all digital interactions: the human mind. Behind every breach is a calculated manipulation, and behind every defense, a strategic response. The psychology of cyber crime, the resilience of security professionals and the behaviors of everyday users combine to form the human element of cybersecurity. Arguably, it's the…

Stress-testing multimodal AI applications is a new frontier for red teams

5 min read - Human communication is multimodal. We receive information in many different ways, allowing our brains to see the world from various angles and turn these different "modes" of information into a consolidated picture of reality.We’ve now reached the point where artificial intelligence (AI) can do the same, at least to a degree. Much like our brains, multimodal AI applications process different types — or modalities — of data. For example, OpenAI’s ChatGPT 4.0 can reason across text, vision and audio, granting…

Cybersecurity awareness: Apple’s cloud-based AI security system

3 min read - The rising influence of artificial intelligence (AI) has many organizations scrambling to address the new cybersecurity and data privacy concerns created by the technology, especially as AI is used in cloud systems. Apple addresses AI’s security and privacy issues head-on with its Private Cloud Compute (PCC) system.Apple seems to have solved the problem of offering cloud services without undermining user privacy or adding additional layers of insecurity. It had to do so, as Apple needed to create a cloud infrastructure…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today