Hidden Tear

Hidden Tear
Hidden Tear
Malware details
Technical name	Ransom.MSIL.Tear
Type	Ransomware
Subtype	Cryptovirus
Classification	Trojan horse
Origin	Istanbul, Turkey
Authors	Utku Sen
Technical details
Platform	Microsoft Windows
Written in	C#

Last updated December 19, 2025

Hidden Tear is the first open-source ransomware trojan that targets computers running Microsoft Windows ^[1] The original sample was posted in August 2015 to GitHub.^[2]

When Hidden Tear is activated, it encrypts certain types of files using a symmetric AES algorithm, then sends the symmetric key to the malware's control servers.^[3] However, as Utku Sen claimed "All my malware codes are backdoored on purpose", Hidden Tear has an encryption backdoor, thus allowing him to crack various samples.^[4]

References

↑ Pauli, Darren. "Ransomware blueprints published on GitHub in the name of education". The Register.
↑ Paganini, Pierluigi (18 August 2015). "Hidden Tear Ransomware is now open Source and available on GitHub". Security Affairs.
↑ Balaban, David (20 March 2016). "Hidden Tear Project: Forbidden Fruit Is the Sweetest | The State of Security". The State of Security.
↑ Kovacs, Eduard (18 January 2016). "Encryption Flaw Used to Crack Cryptear Ransomware | SecurityWeek.Com". Security Week.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Pauli, Darren. "Ransomware blueprints published on GitHub in the name of education". The Register.

[2] Paganini, Pierluigi (18 August 2015). "Hidden Tear Ransomware is now open Source and available on GitHub". Security Affairs.

[3] Balaban, David (20 March 2016). "Hidden Tear Project: Forbidden Fruit Is the Sweetest | The State of Security". The State of Security.

[4] Kovacs, Eduard (18 January 2016). "Encryption Flaw Used to Crack Cryptear Ransomware | SecurityWeek.Com". Security Week.

[1]

[2]

[3]

[4]