Lately, a virus based on the open-source Hidden Tear ransomware has been infecting PC users worldwide. This ransomware encrypts users’ files, then loses the encryption key, rendering the files unrecoverable.
Hidden Tear originally appeared to be a home-made ransomware created for educational purposes. According to its author’s blog post, the project was a honeypot meant to lure ransomware authors into using his code instead of writing their own. The trick was that Hidden Tear’s encryption contained a deliberate weakness that would allow the researcher to decrypt files later on, in case someone ever used his code.
Unfortunately, the people who used the above-mentioned code were the creators of the ransomware strain identified by the company as RANSOM_CRYPTEAR.B.
Last year, this group of cyber criminals hijacked a Paraguayan website and used it to redirect visitors to a fake Adobe Flash lookalike site that spread a booby-trapped Flash Player update.
All users who downloaded this update would see the file execute as soon as the download finished, and their computers would be infected with a crypto-ransomware that encrypted most of their data files.
The worst part was that the creators of this Hidden Tear variant managed to muddle its code: the ransomware threw away the encryption key instead of sending it to their C&C servers.
The shoddy behavior didn’t matter to the ransomware’s authors, who were more interested in receiving the $500 Bitcoin payment than in providing a safe way to decrypt the files after the ransom was received.
Even though the Utku Sen team built a secret backdoor into Hidden Tear’s encryption algorithm, it was useless in the end because the encryption key was lost as well.
This is not the first case of a ransomware botching its own encryption. In November 2015, a version of the Power Worm ransomware also managed to lose its encryption key, permanently locking all of its victims’ files.