A ransomware strain based on the open source Hidden Tear ransomware is infecting users, encrypting their files and losing the encryption key along the way, rendering all files unrecoverable.
Last August, Turkish security group Utku Sen open-sourced on GitHub the code of a homemade ransomware they had created for educational purposes.
This particular ransomware was named Hidden Tear and, according to its author's blog post, was a honeypot to fool ransomware authors into using his code instead of creating their own.
The trick was that Hidden Tear contained a crypto flaw that would allow the researcher to decrypt files later on if someone ever used his code.
Hidden Tear spawned RANSOM_CRYPTEAR.B
According to Trend Micro's security team, someone did: the creators of the ransomware strain the company identifies as RANSOM_CRYPTEAR.B.
Between September 15 and December 17, this group hijacked a website from Paraguay and used it to redirect its users to a fake Adobe Flash lookalike website that spread a booby-trapped Flash Player update.
Users who downloaded this update would see the file launch as soon as it finished downloading, and in a matter of minutes they would be infected with a crypto-ransomware that encrypted most of their data files.
Read more: Shoddy Ransomware Destroys User's Files