File this under “hardly surprising”: The educational, open-source ransomware created by Turkish security researcher Utku Sen has been spun off into 24 not-so-friendly variants including Magic, Linux.Encoder and Cryptear.B. While Sen was recently blackmailed into taking his Hidden Tear ransomware and follow-up project EDA2 off GitHub, this hasn’t stopped the spread of new iterations. Here’s a quick overview.

Hidden Tear Ransomware: Just Trying to Help?

As noted by SecurityWeek, Sen created his ransomware with a number of key flaws and limitations; for example, Hidden Tear would only encrypt files in a \test directory and wouldn’t work if the directory didn’t exist. Fundamental issues with encryption, meanwhile, meant that even malicious adaptations were no match for standard remediation techniques. But here’s the thing: Researchers from Kaspersky asserted that the InfoSec community already had a host of ransomware samples and didn’t really need an educational resource to help their learning curve.

SC Magazine pointed to the emergence of Hidden Tear ransomware variants and other open-source code as harbingers of “cheap and nasty ransomware” that attackers can pull from multiple sources, quickly adopt and then abandon when things go awry. Thankfully, much of it is little more than a nuisance.

For example, the author of Cryptolocker asked victims to email him for ransom demands, while the newly discovered Magic ransomware is demanding just one bitcoin to unlock its AES encryption — though no one has bothered to pay. There are a few more unpleasant varieties, however, such as Trojan-Ransom.MSIL.Tear.n, which encrypts user files but doesn’t bother with an encryption key, making it impossible to recover any data, according to Softpedia.

Open-Source Opportunities

Hidden Tear ransomware isn’t the only emerging open-source problem. As noted by Graham Cluley, a January 2016 malware attack on the Ukrainian electric power industry leveraged an open-source backdoor and caused a number of power outages and service interruptions. And last year, Gizmodo reported on the emergence of open-source bundles such as Tox, which creates a fully functioning — if rough around the edges — ransomware distributor.

The takeaway here? Educational malware isn’t necessary since companies have enough actual ransomware to analyze, and moderately skilled cybercriminals will turn the gift they’ve been offered into actual malware, flaws and all. Combined with other open-source code and prepackaged ransomware bundles, Hidden Tear signifies a market shift — encryption-based malware is quickly becoming an industry unto itself.

While this means more malicious code flooding corporate networks, it also comes with an unexpected bonus: standardization. Cybercriminals almost invariably opt for the cheapest, fastest solution, and right now that means prebuilt and open source.

InfoSec pros and security companies get a leg up because increasing code volume comes means a decrease in originality; finding and exploiting malware flaws becomes a matter of throughput rather than trial and error. Simply put? Poorly made malware means a smaller defensive learning curve.

More from

More School Closings Coast-to-Coast Due to Ransomware

Instead of snow days, students now get cyber days off. Cyberattacks are affecting school districts of all sizes from coast-to-coast. Some schools even completely shut down due to the attacks. The federal government recently warned that K-12 schools face a growing threat from cyber groups. According to the FBI, school districts often have limited cybersecurity protections, which makes them even more vulnerable. The FBI also says it anticipates the number of threats to increase. In a recent warning, the nation’s…

The Role of Human Resources in Cybersecurity

The human resources (HR) department is an integral part of an organization. They work with all departments with a wider reach than even IT. As a highly visible department, HR can support and improve an organization’s security posture through employee training. Their access to employees at the start of employment is an opportunity to lay a foundation for a culture of risk awareness. HR departments do not typically include cybersecurity risk awareness training with new hire onboarding, but it’s something…

New Attack Targets Online Customer Service Channels

An unknown attacker group is targeting customer service agents at gambling and gaming companies with a new malware effort. Known as IceBreaker, the code is capable of stealing passwords and cookies, exfiltrating files, taking screenshots and running custom VBS scripts. While these are fairly standard functions, what sets IceBreaker apart is its infection vector. Malicious actors are leveraging the helpful nature of customer service agents to deliver their payload and drive the infection process. Here’s a look at how IceBreaker…

Operational Technology: The evolving threats that might shift regulatory policy

Listen to this podcast on Apple Podcasts, Spotify or wherever you find your favorite audio content. Attacks on Operational Technology (OT) and Industrial Control Systems (ICS) grabbed the headlines more often in 2022 — a direct result of Russia’s invasion of Ukraine sparking a growing willingness on behalf of criminals to target the ICS of critical infrastructure. Conversations about what could happen if these kinds of systems were compromised were once relegated to “what ifs” and disaster movie scripts. But those days are…