Hidden Tear

{{Short description|Open-source ransomware trojan}}

{{Infobox computer virus

| fullname = Hidden Tear

| technical_name = Ransom.MSIL.Tear

| classification = Trojan horse

| type = Ransomware

| subtype = Cryptovirus

| origin = Istanbul, Turkey

| author = Utku Sen

| OS = Microsoft Windows

| language = C#

}}

Hidden Tear is the first open-source ransomware trojan that targets computers running Microsoft Windows.{{cite web|last1=Pauli|first1=Darren|title=Ransomware blueprints published on GitHub in the name of education|url=https://www.theregister.co.uk/2015/08/18/ransomware_goes_open_source/|website=The Register}} The original sample was posted to GitHub in August 2015.{{cite web|last1=Paganini|first1=Pierluigi|title=Hidden Tear Ransomware is now open Source and available on GitHub|url=http://securityaffairs.co/wordpress/39419/cyber-crime/ransomware-open-source.html|website=Security Affairs|date=18 August 2015}}

When Hidden Tear is activated, it encrypts certain types of files using a symmetric AES algorithm, then sends the symmetric key to the malware's control servers.{{cite web|last1=Balaban|first1=David|title=Hidden Tear Project: Forbidden Fruit Is the Sweetest {{!}} The State of Security|url=https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/hidden-tear-project-forbidden-fruit-is-the-sweetest/|website=The State of Security|date=20 March 2016}} However, Hidden Tear contains an encryption backdoor, which has allowed Utku Sen to crack various samples; in his words, "All my malware codes are backdoored on purpose".{{cite web|last1=Kovacs|first1=Eduard|title=Encryption Flaw Used to Crack Cryptear Ransomware {{!}} SecurityWeek.Com|url=http://www.securityweek.com/encryption-flaw-used-crack-cryptear-ransomware|website=Security Week}}

References