February 8, 2016 By Douglas Bonderud 2 min read

File this under “hardly surprising”: The educational, open-source ransomware created by Turkish security researcher Utku Sen has been spun off into 24 not-so-friendly variants including Magic, Linux.Encoder and Cryptear.B. While Sen was recently blackmailed into taking his Hidden Tear ransomware and follow-up project EDA2 off GitHub, this hasn’t stopped the spread of new iterations. Here’s a quick overview.

Hidden Tear Ransomware: Just Trying to Help?

As noted by SecurityWeek, Sen created his ransomware with a number of key flaws and limitations; for example, Hidden Tear would only encrypt files in a \test directory and wouldn’t work if the directory didn’t exist. Fundamental issues with encryption, meanwhile, meant that even malicious adaptations were no match for standard remediation techniques. But here’s the thing: Researchers from Kaspersky asserted that the InfoSec community already had a host of ransomware samples and didn’t really need an educational resource to help their learning curve.

SC Magazine pointed to the emergence of Hidden Tear ransomware variants and other open-source code as harbingers of “cheap and nasty ransomware” that attackers can pull from multiple sources, quickly adopt and then abandon when things go awry. Thankfully, much of it is little more than a nuisance.

For example, the author of Cryptolocker asked victims to email him for ransom demands, while the newly discovered Magic ransomware is demanding just one bitcoin to unlock its AES encryption — though no one has bothered to pay. There are a few more unpleasant varieties, however, such as Trojan-Ransom.MSIL.Tear.n, which encrypts user files but doesn’t bother with an encryption key, making it impossible to recover any data, according to Softpedia.

Open-Source Opportunities

Hidden Tear ransomware isn’t the only emerging open-source problem. As noted by Graham Cluley, a January 2016 malware attack on the Ukrainian electric power industry leveraged an open-source backdoor and caused a number of power outages and service interruptions. And last year, Gizmodo reported on the emergence of open-source bundles such as Tox, which creates a fully functioning — if rough around the edges — ransomware distributor.

The takeaway here? Educational malware isn’t necessary since companies have enough actual ransomware to analyze, and moderately skilled cybercriminals will turn the gift they’ve been offered into actual malware, flaws and all. Combined with other open-source code and prepackaged ransomware bundles, Hidden Tear signifies a market shift — encryption-based malware is quickly becoming an industry unto itself.

While this means more malicious code flooding corporate networks, it also comes with an unexpected bonus: standardization. Cybercriminals almost invariably opt for the cheapest, fastest solution, and right now that means prebuilt and open source.

InfoSec pros and security companies get a leg up because increasing code volume comes means a decrease in originality; finding and exploiting malware flaws becomes a matter of throughput rather than trial and error. Simply put? Poorly made malware means a smaller defensive learning curve.

More from

Poland spending $760 million on cybersecurity after attack

3 min read - Visitors to the Polish Press Agency (PAP) website on May 31 at 2 p.m. Polish time were met with an unusual message. Instead of the typical daily news, the state-run newspaper had supposedly published a story announcing that a partial mobilization, which means calling up specific people to serve in the armed forces, was ordered by Polish Prime Minister Donald Tusk beginning on July 1, 2024. Deputy Prime Minister Krzysztof Gawkowski refuted the claim on X (formerly Twitter). His post…

How generative AI Is expanding the insider threat attack surface

3 min read - As the adoption of generative AI (GenAI) soars, so too does the risk of insider threats. This puts even more pressure on businesses to rethink security and confidentiality policies.In just a few years, artificial intelligence (AI) has radically changed the world of work. 61% of knowledge workers now use GenAI tools — particularly OpenAI’s ChatGPT — in their daily routines. At the same time, business leaders, often partly driven by a fear of missing out, are investing billions in tools…

Water facilities warned to improve cybersecurity

3 min read - United States water facilities, which include 150,000 public water systems, have become an increasingly high-risk target for cyber criminals in recent years. This rising threat has demanded more attention and policies focused on improving cybersecurity.Water and wastewater systems are one of the 16 critical infrastructures in the U.S. The definition for inclusion in this category is that the industry must be so crucial to the United States that “the incapacity or destruction of such systems and assets would have a…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today