Three new ransomware types have been discovered in only two weeks' time. They are based on Hidden Tear and EDA2 code, which are the first open source ransomware created for educational purposes.
Hidden Tear and EDA2 are dangerous open source ransomware
Open source ransomware is the latest hit for malicious users. Security researchers have detected three new ransomware strains that are based on the Hidden Tear and EDA2 designs. These open source ransomware projects were originally intended for educational purposes. However, criminal programmers have modified their source code for attack purposes. Campaigns using spinoffs RANSOM_CRYPTEAR.B and RANSOM_MEMEKAP.A were detected by security researchers.
One of the main factors that led to the popularity of the new strains is the ease of modification. As they are based on the Hidden Tear and EDA2 open source code, the criminals don’t need a lot of skill to modify the behavior of the tools. The source code of both Hidden Tear 2 and EDA2 was taken down from public servers, but it is still widespread across various hacker networks.
A prime example is the KaoTear (RANSOM_KAOTEAR.A) ransomware, which is based on Hidden Tear and uses the filename kaoTalk.exe with the KakaoTalk icon to disguise itself. KakaoTalk is a popular messaging application in South Korea that has 49.1 million users worldwide. Upon infiltration, it encrypts files and displays a ransom message in Korean.
The two other famous examples that use Hidden Tear and EDA2 code are the Pokemon GO and Fsociety ransomware. All three variants use similar tactics and prove to be a formidable enemy for security experts and victims.
As the base code is open source, we expect to see more advanced ransomware attacks in the near future.